A False Sense of Security—Organizations Need a Paradigm Shift on Protecting Themselves against APTs

Srinivasulu Vuggumudi
Yong Wang
Jun Liu
Cherie Noteboom
Kaushik Nagarajan Muthusamy Ragothaman

Abstract

Advanced Persistent Threats (APTs) are among the most complex cyberattacks and are generally executed by cyber-attackers linked to nation-states. An organization may have security strategies to prevent APTs. However, a false sense of security may exist when the focus is on implementing security strategies but not on the effectiveness of the implemented security strategies. This research aims to find out 1) whether organizations have a false sense of security while preventing APT attacks, 2) what factors influence the false sense of security, and 3) whether organizational culture influences the factors contributing to the false sense of security. A theoretical model is developed to evaluate the sense of security and answer the three research questions. The initial model includes seven independent variables, one moderator variable, and one dependent variable. We designed and conducted a survey among cybersecurity professionals to test 14 hypotheses on the sense of security. We further refined and finalized the model based on the analysis of the survey data. This research confirms that employees are not confident about organizations’ cybersecurity posture despite all the awareness training, technological advancements, and massive investment. We also identified key factors that influence the employee perception of cybersecurity posture. Based on the research findings, we provided recommendations that can be followed to improve the effectiveness of implemented security strategies.
