1 in 5 enterprises have experienced an APT attack


Tuesday, 15 July, 2014


1 in 5 enterprises have experienced an APT attack

A global study shows that one in five organisations (21%) have experienced an advanced persistent threat (APT) attack, and 66% believe it's only a matter of time before their enterprise is hit by an APT.

Yet only 15% of enterprises believe they are very prepared for an APT attack. And among the companies that have been attacked, only one in three could determine the source.

ISACA, a global association serving 115,000 IT security, risk, assurance and governance professionals, conducted the study of 1220 security professionals to determine how APTs have evolved from 2013.

"APTs are stealthy, relentless and single-minded, and their primary purpose is to extract information such as valuable research, intellectual property or government data," said Queensland-based Tony Hayes, ISACA's immediate past international president. "In other words, it is absolutely critical for enterprises to prepare for them, and that preparation requires more than the traditional technical controls."

The majority of responding organisations say their primary APT defence is technical controls such as firewalls, access lists and antivirus, which are critical for defending against traditional threats, but not sufficient for preventing APT attacks.

Nearly 40% of enterprises report that they are not using user security training and controls to defend against APT - a critical component of a successful cybersecurity plan.

Worse yet, more than 70% are not using mobile controls, even though 88% of respondents recognise that employees' mobile devices are often the gateway to an APT attack.

While more enterprises report that they are adjusting vendor management practices (23%) and incident response plans (56%) to address APTs this year, the numbers still need significant improvement.

"The good news is that more enterprises are attempting to better prepare for the APT this year," said Robert Stroud, international president of ISACA and a vice president at CA Technologies. "The bad news is that there is still a big knowledge gap regarding APTs and how to defend against them, and more security training is critically needed."

Related Articles

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

How AI can help businesses manage their cyber risks

Artificial intelligence can be a powerful ally in the fight against cyberthreats.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd