Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » Generic » APT- Advanced Persistent Threat

APT- Advanced Persistent Threat

An Advanced Persistent Threat (APT) is a highly sophisticated and long-lasting cyberattack strategy. In an APT, intruders infiltrate a network covertly, aiming to steal sensitive data over an extended period while avoiding detection.

Key APT objectives:

APT attackers target sensitive data like credit card information, bank accounts, passport details, and more.
APTs may seek to disrupt an entire system, including cloud resources, by deleting crucial databases.
Attackers may gain control of critical websites, potentially impacting stock markets or vital services like hospitals.
APTs aim to access essential systems using stolen user credentials.
Attackers seek sensitive or incriminating information via intercepted communications.

GhostNet APT

One notable example of an APT is GhostNet. Discovered in March 2009, GhostNet is considered one of the most sophisticated APTs. While its control infrastructure was largely traced to China, the Chinese government denied involvement.

GhostNet executed attacks by sending spear-phishing emails with malicious files, leading to Trojan horse infections. Once compromised, the attacker could remotely control the infiltrated system, allowing malware downloads and full system control.

Additional reading

User Access Review: Methods, Steps, & Best Practices

How to conduct a user access review?

On May 2023, a disgruntled Tesla ex-employee used his privileges as a service technician to gain access to data of 75,735 employees, including personal details and financial information. The breach attracted a $3.3 billion fine under GDPR. While breaches due to external and unknown factors are not under an organization’s control, such incidents can be…

Blogs Cybersecurity

Understanding Cybersecurity Vulnerabilities And How They Put You At Risk

From managing finances to connecting with our loved ones, your digital footprints continue to expand. Yet, with every click, scroll, and connection, you leave yourselves vulnerable to unpredictable security risks. Cyber security and Infrastructure Security Agency recently raised an alarm in Palo Alto Networks’ Expedition tool, highlighting the risks that lie within seemingly innocuous software. …

Blogs Compliance management Cybersecurity

Governance vs Compliance: Key Differences and Similarities

In the world of corporate regulations, laws, and policies, two terms are used commonly and often interchangeably – compliance and governance. While these components of GRC have some overlapping objectives, their applicability is far from the same. In this article, we discuss what governance and compliance means and the differences between the two. What is…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales