Presentation is loading. Please wait.

Presentation is loading. Please wait.

Study Results Advanced Persistent Threat Awareness.

Similar presentations


Presentation on theme: "Study Results Advanced Persistent Threat Awareness."— Presentation transcript:

1 Study Results Advanced Persistent Threat Awareness

2 The 2010 Google Aurora attack forever changed the way we look at Internet security. This large-scale, sophisticated attack showed us that all sectors, from private to public, are vulnerable to a new class of security breach: The Advanced Persistent Threat © 2013 ISACA. All rights reserved

3 3 in its adaptability, APTs were once thought to be limited to attacks on government networks. APTs exploit zero-day threats – unknown weakness. APTs also often take the form of well-designed spear fishing attacks. © 2013 ISACA. All rights reserved ADVANCED, STEALTHY AND CHAMELEON-LIKE

4 4 The 2011 RSA SecurID attack was attributed to an APT. So was the Internet worm “Flame.” Following the Google attacks* similar targeted intrusions quickly followed, garnering media scrutiny – and growing concern that the APT was more damaging than it seemed. *Google attacks affected nearly three dozen well-known tech, finance and defense enterprises © 2013 ISACA. All rights reserved

5 5 How well do security professionals understand APTs? How are they affecting different industries and organizations throughout the world? What is being done to prevent them? In Q4 of 2012, ISACA launched the APT Awareness Survey to find out. © 2013 ISACA. All rights reserved

6 6 So ISACA asked 1,500 people worldwide – from tech service consultants, to people in the banking industry – about APTs. 19 % Asia 32 % 8%8% 3%3% 38 % Europe / Africa North America Latin America Oceania © 2013 ISACA. All rights reserved

7 7 42.5% of respondents were familiar… 28.6%, somewhat familiar… And only 25.1% very familiar about APTs. Overall, 96.2% were somewhat familiar with APTs… But most importantly: AWARENESS of respondents understood APTs as a very credible, serious threat to national security and economic stability. 93.6% 25 % 42 % 29 % 4%4% Very Familiar Familiar Somewhat Familiar Not at All Familiar © 2013 ISACA. All rights reserved

8 8 Just 46.6% of respondents believed that APTs were a unique threat. And more than half (53.4%) believe this advanced set of threats is no different to what they’ve been dealing with in the past. WHAT DOES THIS MEAN? 53 % Similar 47 % Unique © 2013 ISACA. All rights reserved

9 There’s a huge disconnect in the IT industry about APTs … A lack of understanding and education. © 2013 ISACA. All rights reserved

10 10 Highest Risks on Enterprises from APTs Other key highlights 89.7% of respondents believe the use of social networking sites like Facebook or Twitter increases the likelihood of a successful APT attack. BELIEVE THAT 87.3% JAILBREAKS, ROOTING & BYOD GREATLY INCREASE THE CHANCES OF AN APT OCCURRING. © 2013 ISACA. All rights reserved

11 11 Although just 21.6% of respondents reported having been victims of an APT attack 63% – three times that amount – believe it’s only a matter of time before their business is targeted. Suffering with an APT 63% BELIEVE IT’S ONLY A MATTER OF TIME BEFORE THEIR BUSINESS IS TARGETED. © 2013 ISACA. All rights reserved

12 12 The majority of survey takers – up to 60% – believed that they have the ability to ID, respond to and stop a successful APT attack. 31.1% said they have incident management plans in place to fight an APT. 49.5% are prepared, but without a concrete solution. Detect APT Attacks Respond to APT Attacks Stop a Successful Attack 0%20%40%60% How able is your enterprise to deal with an APT attack? Very Able Able Not Able Not at All Able © 2013 ISACA. All rights reserved

13 How are people handling the threats? Most respondents are using technology in a risk based layered approach to prevent and combat APTs. 94.9% Anti-Virus / Anti-Malware 92.8% Network Tech (Firewalls, etc.) 71.2% IPS © 2013 ISACA. All rights reserved

14 14 There aren’t enough precautions being taken against the threat of an APT. Up to 81.8% of survey takers have not updated their agreements with vendors who provide protection against APT. And 67.3% reported that they haven’t held any APT awareness training programs for their employees. A Troubling Lack of Initiative Has your enterprise increased security training as a result of APTs? Very Likely Likely Not Very likely Not at All Likely 0%20%40%60%80% © 2013 ISACA. All rights reserved Yes No

15 APTs are serious threats. We need more consideration to their consequences. Enterprises must adopt more technology awareness training, vendor management, incident management and increased attention from executives. © 2013 ISACA. All rights reserved

16 16 Advanced Persistent Threats differ from the traditional, average virus, and need to be classified as such. Many enterprises and companies have made some positive inroads into fighting APTs, like better security management. But there’s still a lack of cohesion and understanding to what APTs are and how to defend against them. Market conditions have not sufficiently changed, and the technology to fight APTs isn’t fully evolved yet. Conclusion But there’s still a lack of cohesion and understanding to what APTs are and how to defend against them. © 2013 ISACA. All rights reserved

17 ISACA is here to serve its members against any security breach – especially the Advanced Persistent Threat. A series of educational products to address challenges in cyber security, and guard against APTs, is currently in development. Take Action Against APTs To learn more visit us at WWW.ISACA.ORG/CYBERSECURITY

18 QUESTIONS & COMMENTS © 2013 ISACA. All rights reserved


Download ppt "Study Results Advanced Persistent Threat Awareness."

Similar presentations


Ads by Google