Applying System Dynamics to Model Advanced Persistent Threats

Mathew Nicho, H. Fakhry
Proceedings of the 2019 International Communication Engineering and Cloud Computing Conference. Published 2019-10-08. DOI: 10.1145/3380678.3380682 (https://doi.org/10.1145/3380678.3380682)
Citations: 5

Abstract

The system dynamics (SD) concept has been successfully applied to analyze issues that are non-linear, complex, and dynamic in disciplines, namely the social sciences and technology. However, its application to cyber security issues, especially threats that involve multiple variables interacting with the technical as well as the organizational domain, is lacking. In this respect, an Advanced Persistent Threat (APT) is regarded as a highly targeted and sophisticated attack that uses zero-day malware, stealth, and multiple advanced techniques to gain entry and maintain its presence inside the organizational network unnoticed. Because it is a threat that exploits technical as well as organizational vulnerabilities, preventing it at the security perimeter and detecting it once it enters the system remain a challenge to date. To demonstrate the application of SD in identifying and analyzing the effect of each of the variables, we took the Equinox data breach as a case study. The variables leading to the breach were identified, entered into Vensim software, and simulated to get the results. Through this exercise, we could identify seven key independent management variables for technical security and three key independent variables for records breach. This research being the foremost study to apply SD to APT, we presume that, by modelling APT attacks using SD through a case study, this paper provides insights into the dynamics of the threat. Furthermore, it suggests 'what if' strategies to minimize APT risks and thereby reduce the extent of damage should an APT attack occur.