1 in 5 enterprises have experienced an APT attack


Tuesday, 15 July, 2014

1 in 5 enterprises have experienced an APT attack

A global study shows that one in five organisations (21%) have experienced an advanced persistent threat (APT) attack, and 66% believe it's only a matter of time before their enterprise is hit by an APT.

Yet only 15% of enterprises believe they are very prepared for an APT attack. And among the companies that have been attacked, only one in three could determine the source.

ISACA, a global association serving 115,000 IT security, risk, assurance and governance professionals, conducted the study of 1220 security professionals to determine how APTs have evolved from 2013.

"APTs are stealthy, relentless and single-minded, and their primary purpose is to extract information such as valuable research, intellectual property or government data," said Queensland-based Tony Hayes, ISACA's immediate past international president. "In other words, it is absolutely critical for enterprises to prepare for them, and that preparation requires more than the traditional technical controls."

The majority of responding organisations say their primary APT defence is technical controls such as firewalls, access lists and antivirus, which are critical for defending against traditional threats, but not sufficient for preventing APT attacks.

Nearly 40% of enterprises report that they are not using user security training and controls to defend against APT - a critical component of a successful cybersecurity plan.

Worse yet, more than 70% are not using mobile controls, even though 88% of respondents recognise that employees' mobile devices are often the gateway to an APT attack.

While more enterprises report that they are adjusting vendor management practices (23%) and incident response plans (56%) to address APTs this year, the numbers still need significant improvement.

"The good news is that more enterprises are attempting to better prepare for the APT this year," said Robert Stroud, international president of ISACA and a vice president at CA Technologies. "The bad news is that there is still a big knowledge gap regarding APTs and how to defend against them, and more security training is critically needed."

Related Articles

Secure-by-design software development for digital innovation

The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...

Bolstering AI-powered cybersecurity in the face of increasing threats

The escalation of complex cyber risks is becoming a pressing issue for those in business...

How attackers are weaponising GenAI through data poisoning and manipulation

The possibility for shared large language models to be manipulated through data poisoning...

Content from other channels on our network

Shoalhaven City Council uses AI to deliver safer roads to the community

Smart technologies: helping councils improve community services and sustainability

Infrastructure projects a funding black hole without asset management

Gartner announces top government technology trends

Fujitsu establishes security consulting division

EV future for Monash Uni

Shell Cove battery launched on NSW South Coast

Million-dollar rooftop solar for Kimberley hospital

Protecting wildlife from electrical assets — and vice versa

Immersive VR training for electricians

Robotic lab enhances battery manufacturing

Machine learning used to create fabric-based touch sensor

Hybrid sodium-ion battery can be charged in a few minutes

Researchers develop energy-efficient probabilistic computer

Wearable sensor measures real skin feel

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd