1 in 5 enterprises have experienced an APT attack


Tuesday, 15 July, 2014

1 in 5 enterprises have experienced an APT attack

A global study shows that one in five organisations (21%) have experienced an advanced persistent threat (APT) attack, and 66% believe it's only a matter of time before their enterprise is hit by an APT.

Yet only 15% of enterprises believe they are very prepared for an APT attack. And among the companies that have been attacked, only one in three could determine the source.

ISACA, a global association serving 115,000 IT security, risk, assurance and governance professionals, conducted the study of 1220 security professionals to determine how APTs have evolved from 2013.

"APTs are stealthy, relentless and single-minded, and their primary purpose is to extract information such as valuable research, intellectual property or government data," said Queensland-based Tony Hayes, ISACA's immediate past international president. "In other words, it is absolutely critical for enterprises to prepare for them, and that preparation requires more than the traditional technical controls."

The majority of responding organisations say their primary APT defence is technical controls such as firewalls, access lists and antivirus, which are critical for defending against traditional threats, but not sufficient for preventing APT attacks.

Nearly 40% of enterprises report that they are not using user security training and controls to defend against APT - a critical component of a successful cybersecurity plan.

Worse yet, more than 70% are not using mobile controls, even though 88% of respondents recognise that employees' mobile devices are often the gateway to an APT attack.

While more enterprises report that they are adjusting vendor management practices (23%) and incident response plans (56%) to address APTs this year, the numbers still need significant improvement.

"The good news is that more enterprises are attempting to better prepare for the APT this year," said Robert Stroud, international president of ISACA and a vice president at CA Technologies. "The bad news is that there is still a big knowledge gap regarding APTs and how to defend against them, and more security training is critically needed."

Related Articles

Four common zero-trust misconceptions derailing cybersecurity success

John Kindervag, creator of the zero-trust concept, explores the four most common zero-trust...

Too much of a good thing: Australia's cyber overlap issue

Recent research indicates many organisations may have too many security systems with overlapping...

The true cost of cyber attacks

The average annual expense of recovering and dealing with cyber attacks has surpassed AU$4.1...

Content from other channels on our network

AWS, Microsoft have 56% of cloud services market: Finbold

Macquarie Data Centres breaks ground on IC3 Super West

Victorian OPP implements new case management system

The need to cap the ATO's access to personal data

Supporting sustainable employment for neurodivergent individuals

Ausgrid workers to strike

Aust wholesaler lowers CO2 through HVAC innovation

MEA warns of upcoming electrician shortage

Aust companies plug into solar

Ground broken at 'secure, sovereign' data centre

3D printing of light-activated hydrogel actuators

Passivation approach boosts stability of perovskite solar cells

Researchers create safe, long-lasting, high-temp battery

'Organ on a chip' developed for better drug testing

The crucial role of contacts in connector functionality

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd