Tim Bourgaize Murray: RIP, “APT”
When a real problem meets dated jargon.

In a world where words and catchphrases drift in and out of style, etymology is all the more important and too often ignored. To wit, and believe it or not, I briefly debated using “On Leek” parodying “on fleek” to headline this month’s cover story. Understanding where verbiage comes from should help explain what it means and why, all of the sudden, Twitter is obsessed with hashtagging it.
Of course, the same goes for technology speak. Take, for instance, a cyber-related situation back in 2011, when a state actor compromised RSA, the vendor that builds token-password technology used by most Fortune 500 companies. The actor turned out to be China, but everyone involved was reticent to say as much.
Back then, it wasn’t politically kosher to identify the country, as one senior technologist recently put it to me, so a new term—“advanced persistent threat”—was coined and served to obfuscate things until an army general at US Cyber Command, Keith Alexander, and US senator Carl Levin decided enough was enough, and, in a surprising turnabout, finally “outed” the perpetrator. That same chief technologist said the term—more simply known now as APT—could probably have gone away then and there, without anyone noticing.
Drawing Ire
But the opposite happened. Four years later, APT is probably the second most commonly used acronym in cybersecurity chatter, after DDoS (distributed denial of service), but it draws a lot more ire from CISOs. In a recent Waters story on the Carbanak bank breach, one source even made his own sarcastic revision, noting that the Kaspersky press push was really an AVT—advanced vendor threat. Ouch.
Like anything else that is highly marketed, the concept of an APT doesn’t exactly fit reality. There are many persistent threats facing financial services firms, and more rarely, there are bespoke, advanced threats that go after intellectual property or source code—but it isn’t too often that the Venn diagram overlaps. Yet we’re led to believe that in each and every moment we’re facing a cyber-Armageddon … and even the world’s most careful media organizations are happy to go along with that narrative.
So what’s the problem? Well, like anything else that is highly marketed, the concept of an APT doesn’t exactly fit reality. There are many persistent threats facing financial services firms, and more rarely, there are bespoke, advanced threats that go after intellectual property or source code—but it isn’t too often that the Venn diagram overlaps. Yet we’re led to believe that in each and every moment we’re facing a cyber-Armageddon … and even the world’s most careful media organizations are happy to go along with that narrative.
It would seem counterintuitive, but the most level-headed bunch in the security space—at times, even playing things down—are actually the CISOs themselves. As rational actors, they would seem most likely to play-up the threat. Bigger budgets and more personnel would probably follow.
Instead, it’s almost as if they’re in the opposite role: managing the risk, of course, but dispelling rumors and reassuring board members that, yes, actually, the firm has known for months, if not years, about the cyber news they read in the Financial Times yesterday. It must be an awfully strange position to hold in 2015, though obviously an exciting one—as we hope the entirety of the April issue of Waters has shown.
More Wheat, Less Chaff
From a vendor’s perspective, it should be an interesting space to watch, too. The major names in the space haven’t really changed yet, but if Blackstone is any indication, it does seem that more major capital markets firms are increasingly looking to start-ups rather than establishment players to fit what they need. I imagine the arguments are traditional ones: better service levels, greater customization and the opportunity to mold the product (and in Blackstone’s case, the company itself) earlier on—more wheat, less chaff.
Authorities are closing in on identifying the perpetrators of the JP Morgan Chase data theft from last year, and I imagine the industry is watching closely. Not for the contour or source of the threat—most everyone with a cyber-intelligence provider probably already knows most of that—but rather for the way it is handled by the regulatory and government authorities. In short, the way it’s spun.
Which gets back to the roots of the problem with cyber: it’s fluid and complicated enough, and we’d be better off without an additional patina of jargon coating it.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
M&A activity, syndicated loans, a new tariff tool, and more
The Waters Cooler: LSEG and LeveL Markets partner for new order type, QuantHouse gets sold to Baha Tech, and Fitch Ratings has a new interactive tool in this week’s news roundup.
Nasdaq, AWS offer cloud exchange in a box for regional venues
The companies will leverage the experience gained from their relationship to provide an expanded range of services, including cloud and AI capabilities, to other market operators.
OCC’s security chief on generative AI with guardrails
Clearinghouse looks to scale technology across risk and data operations—but safety is still the watchword.
Bank of America reduces, reuses, and recycles tech for markets division
Voice of the CTO: When it comes to the old build, buy, or borrow debate, Ashok Krishnan and his team are increasingly leaning into repurposing tech that is tried and true.
Waters Wavelength Ep. 313: FIS Global’s Jon Hodges
This week, Jon Hodges, head of trading and asset services for Apac at FIS Global, joins the podcast to talk about how firms in Asia-Pacific approach AI and data.
Project Condor: Inside the data exercise expanding Man Group’s universe
Voice of the CTO: The investment management firm is strategically restructuring its data and trading architecture.
BNP Paribas explores GenAI for securities services business
The bank recently released a new web app for its client portal to modernize its tech stack.
Bank of America and AI, exchanges feud with researchers, a potential EU tax on US tech, and more
The Waters Cooler: Broadridge settles repos in real time, Market Structure Partners strikes back at European exchanges, and a scandal unfolds in Boston in this week’s news roundup.