Endpoint cybercrime prevention specialist Trusteer, an IBM company, has announced the results of a recent study on the State of Targeted Attacks. It took into consideration the feedback from over 750 IT and IT security practitioners who have involvement in defensive efforts against APTs launched at their organisations. Some key findings include:
· Top consequences of advanced attacks are IT downtime, business interruption, exfiltration of sensitive data and theft of intellectual property
· 51% felt their organisations do not effectively detect advanced threats
· 87% said company execs were not aware of APT threats
· 93% said malware was the source of an APT attack
· 68% said zero day attacks are their organisations’ greatest threats
· Java and Adobe Readers pose the most risk
· Better technology controls are needed
“While this study shows that organisations are becoming much more aware of targeted attacks more so than a few years ago, it’s also become apparent that current technologies just aren’t working well enough and are being bypassed by targeted attacks,” said George Tubin, senior security strategist at Trusteer, an IBM company. “It indicates a need for better technology, but at the same time IT and security staff aren’t given the budget they feel they need to support this and that needs to change.”
The top six approaches to detecting APTs are: intrusion detection systems (IDS), anti-virus (AV)/anti-malware software, intrusion prevention systems (IPS), managed or outsourced security provider, event correlation software and network or traffic intelligence software. According to the study, intrusion detection systems came out on top, with 85% of respondents saying that this was the method that most helped them detect an APT. Yet, it took an average of 225 days to detect an APT that had been launched against their organisations and a staggering 63% claimed to have discovered an APT completely by accident.
The study also found that, according to almost 80% of the respondents, Java is an organisation’s most serious vulnerability and the most difficult application when it comes to ensuring all security patches have been fully implemented in a timely manner. Seventy three percent of respondents even claimed that “If I could, I would discontinue using Java;” but 55% said it was nearly impossible to replace it with a less risky alternative. Adobe Reader was a close second and considered more difficult to patch than Windows, Flash, Chrome, Android, Mac OSX, Safari, Firefox, Internet Explorer and Microsoft Word.
The figures here are interesting because Android has seen a significant amount of press lately pointing to its vulnerabilities. When in practice, IT and security professionals actually find Java, Adobe Reader, Windows, Flash and Chrome all more difficult than Android to secure. And despite the risks, 75% of those surveyed said their companies continued to operate one or more of these applications in the production environment knowing that vulnerabilities exist and a viable security patch is unavailable.
The survey also highlights how IT and IT security professional believe their organisations are unprepared to deal with advanced threats, with 68% citing they have inadequate budget resources and 65% saying that security personnel were inadequate. On average, nine APT related incidents are seen in a year and over 70% of respondents admitted that exploits and malware evaded their IDS and AV solutions.
Exfiltration of confidential information is often given the most importance in terms of consequences of advanced targeted attacks, but for IT professionals, the most experienced consequence is IT downtime and business interruption. Interestingly, 17% had been issued data breach fines as a result of an APT attack.
To read the full report please visit:
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.