Organisations not ready for APTs says ISACA

ISACA survey shows awareness of APTs, but many IT departments are not well prepared to tackle them

The ISACA survey suggests that most security professionals are still not prepared to tackle APTs.

There is growing familiarity with advanced persistent threats among IT security professionals, but many organisations are still not adequately prepared to deal with them, according to a survey by ISACA.

One in five of the organisations surveyed said they had been targeted by an APT, but only 60% think they are prepared to deal with APTs. Fifteen percent felt they were 'very prepared', with a documented and tested plan in place for APTs.

The global survey, now in its second year, canvassed 1,200 Certified Information Security Managers (CISMs) and other information security professionals across 20 industry sectors. Almost all of the respondents said they were somewhat familiar with APTs, and two-thirds expected their organisation to be targeted by an APT at some point.

Loss of personally identifiable information regarding employees or customers was ranked as the highest risk, at 27%, followed by loss of enterprise intellectual property, at 24%.

"APTs are stealthy, relentless and single-minded, and their primary purpose is to extract information such as valuable research, intellectual property or government data," said Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, ISACA's immediate past international president. "In other words, it is absolutely critical for enterprises to prepare for them, and that preparation requires more than the traditional technical controls."

Nearly 40% of enterprises report that they are not using user security training and controls to defend against APTs – a critical component of a successful cybersecurity plan. Worse yet, more than 70% are not using mobile controls, even though 88% of respondents recognise that employees' mobile devices are often the gateway to an APT attack. Firewalls, access lists and anti-virus applications were cited as the most common forms of defence. Only one third have increased awareness training related to APTs.

"The good news is that more enterprises are attempting to better prepare for the APT this year," said Robert Stroud, CGEIT, CRISC, international president of ISACA and a vice president at CA Technologies. "The bad news is that there is still a big knowledge gap regarding APTs and how to defend against them – and more security training is critically needed."
