Mitigating Advanced Persistent Threats: A Framework for Enhancing Organizational Cybersecurity Posture

Authors

  • Fahad Amin, Department of Computer Science, Cybersecurity, North American University, Stafford, TX, USA
  • Usman Imtiaz, Department of Computer Science, Cybersecurity, Washington University of Science and Technology (WUST), Virginia, USA

Keywords:

Advanced Persistent Threats (APTs), Cybersecurity Posture, Zero Trust Architecture, APT Detection and Mitigation, Organizational Cybersecurity, MITRE ATT&CK Framework

Abstract

Advanced Persistent Threats (APTs) pose a serious risk to organizational cybersecurity and demand a defence that is not perimeter-centric. This research presents a framework called “Mitigating Advanced Persistent Threats: A Framework for Enhancing Organizational Cybersecurity Posture”. It combines APT-focused governance, a secure and adaptable system architecture, continuous monitoring, data analysis and incident response, aligned with the NIST Cybersecurity Framework and MITRE ATT&CK. The framework was piloted in large enterprises, SMEs and public sector organizations. The results show that APT coverage gaps are reduced by 38% to 45%, Mean Time to Detect (MTTD) is reduced by 25% to 40%, and dwell time is reduced by up to 35%. Expert reviewers reached a good consensus, rating the framework around 4 on a 5-point Likert scale against current best practices. The framework demonstrates the far-reaching effect that an APT-informed, posture-based integration has on detection speed, incident response maturity and overall resilience in real-world organizations.


Author Biographies

  • Fahad Amin, Department of Computer Science, Cybersecurity, North American University, Stafford, TX, USA. Email: famin1@na.edu

  • Usman Imtiaz, Department of Computer Science, Cybersecurity, Washington University of Science and Technology (WUST), Virginia, USA. Email: usmanimtiaz1992@gmail.com

Published

04-06-2025

How to Cite

Mitigating Advanced Persistent Threats: A Framework for Enhancing Organizational Cybersecurity Posture. (2025). Journal of Engineering and Computational Intelligence Review, 3(1), 99-113. https://jecir.com/index.php/jecir/article/view/40
