[July 09, 2014]
ISACA Global Study: Organizations Not Prepared for Advanced Cyberthreats
ROLLING MEADOWS, Ill. --(Business Wire)--
An ISACA global study released today shows that one in 5 organizations
(21 percent) have experienced an advanced persistent threat (APT)
attack, and 66
percent believe it's only a matter of time before their enterprise is
hit by an APT. Yet only 15 percent of enterprises believe they are very
prepared for an APT attack. And among the companies that have been
attacked, only one in three could determine the source.
ISACA, a global association serving 115,000 IT security, risk, assurance
and governance professionals, conducted the study of 1,220 security
professionals to determine how APTs have evolved from 2013. The 2014 APT
study is the first research project released as part of ISACA's new Cybersecurity
"APTs are stealthy, relentless and single-minded, and their primary
purpose is to extract information such as valuable research,
intellectual property or government data," said Tony Hayes, CGEIT,
AFCHSE, CHE, FACS, FCPA, FIIA, ISACA's immediate past international
president. "In other words, it is absolutely critical for enterprises to
prepare for them, and that preparation requires more than the
traditional technical controls."
The majority of responding organizations say their primary APT defense
is technical controls such as firewalls, access lists and anti-virus,
which are critical for defending against traditional threats, but not
sufficient for preventing APT attacks. Nearly 40 percent of enterprises
report that they are not using user security training and controls to
defend against APTs - a critical component of a successful cybersecurity
plan. Worse yet, more than 70 percent are not using mobile controls,
even though 88 percent of respondents recognize that employees' mobile
devices are often the gateway to an APT attack.
While more enterprises report that they are adjusting vendor management
practices (23 percent) and incident response plans (56 percent) to
address APTs this year, the numbers still need significant improvement.
"The good news is that more enterprises are attempting to better prepare
for the APT this year," said Robert Stroud, CGEIT, CRISC, international
president of ISACA and a vice president at CA Technologies. "The bad
news is that there is still a big knowledge gap regarding APTs and how
to defend against them - and more security training is critically needed."
The full APT study report is available at http://www.isaca.org/apt-wp.
Additional guidance on APTs will be discussed in more depth in a free
ISACA webinar on 30 September, titled Advanced Persistent Threats.
Additional cybersecurity resources, including a guide on defending
against APTs, are available at www.isaca.org/cyber.
With more than 115,000 constituents in 180 countries, ISACA® (www.isaca.org)
helps business and IT leaders build trust in, and value from,
information and information systems. Established in 1969, ISACA is the
trusted source of knowledge, standards, networking, and career
development for information systems audit, assurance, security, risk,
privacy and governance professionals. ISACA offers the Cybersecurity
Nexus™, a comprehensive set of resources for cybersecurity
professionals, and COBIT®, a business framework that helps
enterprises govern and manage their information and technology. ISACA
also advances and validates business-critical skills and knowledge
through the globally respected Certified Information Systems Auditor®
(CISA®), Certified Information Security Manager®
(CISM®), Certified in the Governance of Enterprise IT®
(CGEIT®) and Certified in Risk and Information Systems Control™
(CRISC™) credentials. The association has more than 200
Follow ISACA on Twitter: https://twitter.com/ISACANews