Organisations not prepared for advanced cyberthreats

ISACA research shows 1 in 5 enterprises experienced an APT attack; 1 in 3 of those don’t know the origin.

  • 10 years ago Posted in

An ISACA global study shows that one in 5 organisations (21 percent) have experienced an advanced persistent threat (APT) attack, and 66 percent believe it’s only a matter of time before their enterprise is hit by an APT. Yet only 15 percent of enterprises believe they are very prepared for an APT attack. And among the companies that have been attacked, only one in three could determine the source.


ISACA, a global association serving 115,000 IT security, risk, assurance and governance professionals, conducted the study of 1,220 security professionals to determine how APTs have evolved from 2013. The 2014 APT study is the first research project released as part of ISACA’s new Cybersecurity Nexus.


“APTs are stealthy, relentless and single-minded, and their primary purpose is to extract information such as valuable research, intellectual property or government data,” said Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, ISACA’s immediate past international president. “In other words, it is absolutely critical for enterprises to prepare for them, and that preparation requires more than the traditional technical controls.”


The majority of responding organisations say their primary APT defense is technical controls such as firewalls, access lists and anti-virus, which are critical for defending against traditional treats, but not sufficient for preventing APT attacks. Nearly 40 percent of enterprises report that they are not using user security training and controls to defend against APTs—a critical component of a successful cybersecurity plan. Worse yet, more than 70 percent are not using mobile controls, even though 88 percent of respondents recognise that employees’ mobile devices are often the gateway to an APT attack.


While more enterprises report that they are adjusting vendor management practices (23 percent) and incident response plans (56 percent) to address APTs this year, the numbers still need significant improvement.


"ISACA's latest research shows a positive trend in terms of APT awareness and making changes to improve protection,” said Steven Babb, international vice president of ISACA. “There remains, however, work to be done to ensure that APT's are fully understood and that investment to mitigate this risk is focused in the right areas. ISACA's recently launched Cybersecurity Nexus programme has been devised to help address Cybersecurity challenges, including APT's."
 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...