Presentation is loading. Please wait.

Presentation is loading. Please wait.

Study Results Advanced Persistent Threat Awareness.

Published byAshlyn Gilbert Modified over 8 years ago

Similar presentations

Presentation on theme: "Study Results Advanced Persistent Threat Awareness."— Presentation transcript:

1 Study Results Advanced Persistent Threat Awareness

2 The 2010 Google Aurora attack forever changed the way we look at Internet security. This large-scale, sophisticated attack showed us that all sectors, from private to public, are vulnerable to a new class of security breach: The Advanced Persistent Threat © 2013 ISACA. All rights reserved

3 3 in its adaptability, APTs were once thought to be limited to attacks on government networks. APTs exploit zero-day threats – unknown weakness. APTs also often take the form of well-designed spear fishing attacks. © 2013 ISACA. All rights reserved ADVANCED, STEALTHY AND CHAMELEON-LIKE

4 4 The 2011 RSA SecurID attack was attributed to an APT. So was the Internet worm “Flame.” Following the Google attacks* similar targeted intrusions quickly followed, garnering media scrutiny – and growing concern that the APT was more damaging than it seemed. *Google attacks affected nearly three dozen well-known tech, finance and defense enterprises © 2013 ISACA. All rights reserved

5 5 How well do security professionals understand APTs? How are they affecting different industries and organizations throughout the world? What is being done to prevent them? In Q4 of 2012, ISACA launched the APT Awareness Survey to find out. © 2013 ISACA. All rights reserved

6 6 So ISACA asked 1,500 people worldwide – from tech service consultants, to people in the banking industry – about APTs. 19 % Asia 32 % 8%8% 3%3% 38 % Europe / Africa North America Latin America Oceania © 2013 ISACA. All rights reserved

7 7 42.5% of respondents were familiar… 28.6%, somewhat familiar… And only 25.1% very familiar about APTs. Overall, 96.2% were somewhat familiar with APTs… But most importantly: AWARENESS of respondents understood APTs as a very credible, serious threat to national security and economic stability. 93.6% 25 % 42 % 29 % 4%4% Very Familiar Familiar Somewhat Familiar Not at All Familiar © 2013 ISACA. All rights reserved

8 8 Just 46.6% of respondents believed that APTs were a unique threat. And more than half (53.4%) believe this advanced set of threats is no different to what they’ve been dealing with in the past. WHAT DOES THIS MEAN? 53 % Similar 47 % Unique © 2013 ISACA. All rights reserved

9 There’s a huge disconnect in the IT industry about APTs … A lack of understanding and education. © 2013 ISACA. All rights reserved

10 10 Highest Risks on Enterprises from APTs Other key highlights 89.7% of respondents believe the use of social networking sites like Facebook or Twitter increases the likelihood of a successful APT attack. BELIEVE THAT 87.3% JAILBREAKS, ROOTING & BYOD GREATLY INCREASE THE CHANCES OF AN APT OCCURRING. © 2013 ISACA. All rights reserved

11 11 Although just 21.6% of respondents reported having been victims of an APT attack 63% – three times that amount – believe it’s only a matter of time before their business is targeted. Suffering with an APT 63% BELIEVE IT’S ONLY A MATTER OF TIME BEFORE THEIR BUSINESS IS TARGETED. © 2013 ISACA. All rights reserved

12 12 The majority of survey takers – up to 60% – believed that they have the ability to ID, respond to and stop a successful APT attack. 31.1% said they have incident management plans in place to fight an APT. 49.5% are prepared, but without a concrete solution. Detect APT Attacks Respond to APT Attacks Stop a Successful Attack 0%20%40%60% How able is your enterprise to deal with an APT attack? Very Able Able Not Able Not at All Able © 2013 ISACA. All rights reserved

13 How are people handling the threats? Most respondents are using technology in a risk based layered approach to prevent and combat APTs. 94.9% Anti-Virus / Anti-Malware 92.8% Network Tech (Firewalls, etc.) 71.2% IPS © 2013 ISACA. All rights reserved

14 14 There aren’t enough precautions being taken against the threat of an APT. Up to 81.8% of survey takers have not updated their agreements with vendors who provide protection against APT. And 67.3% reported that they haven’t held any APT awareness training programs for their employees. A Troubling Lack of Initiative Has your enterprise increased security training as a result of APTs? Very Likely Likely Not Very likely Not at All Likely 0%20%40%60%80% © 2013 ISACA. All rights reserved Yes No

15 APTs are serious threats. We need more consideration to their consequences. Enterprises must adopt more technology awareness training, vendor management, incident management and increased attention from executives. © 2013 ISACA. All rights reserved

16 16 Advanced Persistent Threats differ from the traditional, average virus, and need to be classified as such. Many enterprises and companies have made some positive inroads into fighting APTs, like better security management. But there’s still a lack of cohesion and understanding to what APTs are and how to defend against them. Market conditions have not sufficiently changed, and the technology to fight APTs isn’t fully evolved yet. Conclusion But there’s still a lack of cohesion and understanding to what APTs are and how to defend against them. © 2013 ISACA. All rights reserved

17 ISACA is here to serve its members against any security breach – especially the Advanced Persistent Threat. A series of educational products to address challenges in cyber security, and guard against APTs, is currently in development. Take Action Against APTs To learn more visit us at WWW.ISACA.ORG/CYBERSECURITY

18 QUESTIONS & COMMENTS © 2013 ISACA. All rights reserved

Download ppt "Study Results Advanced Persistent Threat Awareness."

Similar presentations

Cyber Security and Data Protection Presented by Mrs Drudeisha Madhub (Data Protection Commissioner ) Tel:+230 201 36 04 Helpdesk:+230.

Cyber Security and Data Protection Presented by Mrs Drudeisha Madhub (Data Protection Commissioner ) Tel: Helpdesk:+230.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel

Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel
PEOPLE’S REPUBLIC OF HACKING By: Lani N, Ashley R, Michael R, Gregory R.

PEOPLE’S REPUBLIC OF HACKING By: Lani N, Ashley R, Michael R, Gregory R.
1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.

1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.
Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
NUS Entrepreneurship Centre IT Usage for Direct Exports by SMEs: Comments International Seminar Information Technology for Development of SMEs in East.

NUS Entrepreneurship Centre IT Usage for Direct Exports by SMEs: Comments International Seminar Information Technology for Development of SMEs in East.
Third Annual Shopping on the Job: ISACA’s Online Holiday Shopping and Workplace Internet Safety Survey Commissioned by ISACA (www.isaca.org) November 2010.

Third Annual Shopping on the Job: ISACA’s Online Holiday Shopping and Workplace Internet Safety Survey Commissioned by ISACA ( November 2010.
Joel Maloff Phone.com February, 2012.

Joel Maloff Phone.com February, 2012.
Norman Endpoint Protection Advanced security made easy.

Norman Endpoint Protection Advanced security made easy.
Introduction to Network Defense

Introduction to Network Defense
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
To Protect What Matters!! Protection Against Computer Virus Unit portfolio presentation by Saira Imtiaz.

To Protect What Matters!! Protection Against Computer Virus Unit portfolio presentation by Saira Imtiaz.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Similar presentations

Ads by Google