More than one in five enterprises have experienced a form of Internet-based espionage known as advanced persistent threat (APT) attacks, according to a global cybersecurity survey conducted by the Information Systems Audit and Control Association (ISACA) this week.
APT attacks, as their name suggests, are advanced and persistent attacks against enterprises, usually with the goals of intellectual property theft and the unauthorised access of sensitive information.
Because APT attacks use a variety of sophisticated and well-orchestrated techniques, they are commonly the work of organised groups, such as foreign governments, rather than “script kiddies”.
These attacks have made headlines in recent times, such as the “Aurora” attacks against Google in 2010.
According to ISACA’s survey, 60 per cent of the 1,500 respondents believe that it is only a matter of time before their enterprise is targeted by APTs.
Yet, 53 per cent do not believe that APT attacks differ from traditional threats, thinking that they can be dealt with through the same traditional measures such as anti-malware software and firewalls.
This is a concern, as APT attacks have been known to avoid these types of controls, according to ISACA, a non-profit association for IT security and governance.
“APTs are sophisticated, stealthy and unrelenting,” said Christos Dimitriadis, international vice president of ISACA, in a statement on Tuesday. “An APT will continually attempt to penetrate the desired target until it meets its objective — and once it does, it can disguise itself and morph when needed, making it difficult to identify or stop.”
The situation is further complicated by the BYOD (bring-your-own-device) trend, which could potentially bring hundreds of unsecured devices into enterprise environments and provide points of attack.
“APTs call for many defensive approaches, from awareness training and amending third-party agreements to ensure vendors are well-protected, to implementing technical controls,” said Jo Stewart-Rattray, director of ISACA.
The survey was sponsored by Trend Micro, and the full report can be downloaded here.