IT attack study

by Mark Rowe

An IT company has announced results of a recent study on the State of Targeted Attacks. It took into consideration the feedback from over 750 IT and IT security practitioners who have involvement in defensive efforts against APTs launched at their organisations.

Some findings by Trusteer, an IBM company, include:

· Top consequences of advanced attacks are IT downtime, business interruption, exfiltration of sensitive data and theft of intellectual property
· 51 per cent felt their organisations do not effectively detect advanced threats
· 87 per cent said company execs were not aware of APT threats
· 93 per cent said malware was the source of an APT attack
· 68 per cent said zero day attacks are their organisations’ greatest threats
· Java and Adobe Reader pose the most risk
· Better technology controls are needed.

George Tubin, senior security strategist at Trusteer, said: “While this study shows that organisations are becoming much more aware of targeted attacks more so than a few years ago, it’s also become apparent that current technologies just aren’t working well enough and are being bypassed by targeted attacks. It indicates a need for better technology, but at the same time IT and security staff aren’t given the budget they feel they need to support this and that needs to change.”

The top six approaches to detecting APTs are: intrusion detection systems (IDS), anti-virus (AV)/anti-malware software, intrusion prevention systems (IPS), managed or outsourced security provider, event correlation software and network or traffic intelligence software. According to the study, intrusion detection systems came out on top, with 85 per cent of respondents saying that this was the method that most helped them detect an APT. Yet it took an average of 225 days to detect an APT that had been launched against their organisations, and a staggering 63 per cent claimed to have discovered an APT completely by accident.

The study also found that, according to almost 80 per cent of the respondents, Java is an organisation’s most serious vulnerability and the most difficult application when it comes to ensuring all security patches have been fully implemented in a timely manner. Seventy-three per cent of respondents even claimed that “If I could, I would discontinue using Java”, but 55 per cent said it was nearly impossible to replace it with a less risky alternative. Adobe Reader was a close second and considered more difficult to patch than Windows, Flash, Chrome, Android, Mac OS X, Safari, Firefox, Internet Explorer and Microsoft Word.

The figures here are interesting because Android has seen a significant amount of press lately pointing to its vulnerabilities, when in practice IT and security professionals find Java, Adobe Reader, Windows, Flash and Chrome all more difficult than Android to secure. And despite the risks, 75 per cent of those surveyed said their companies continued to operate one or more of these applications in the production environment knowing that vulnerabilities exist and a viable security patch is unavailable.

The survey also highlights how IT and IT security professionals believe their organisations are unprepared to deal with advanced threats, with 68 per cent saying they have inadequate budget resources and 65 per cent saying that security personnel were inadequate. On average, nine APT-related incidents are seen in a year, and over 70 per cent of respondents admitted that exploits and malware evaded their IDS and AV solutions.

Exfiltration of confidential information is often given the most importance in terms of consequences of advanced targeted attacks, but for IT professionals, the most experienced consequence is IT downtime and business interruption. Some one in six (17 per cent) had been issued data breach fines as a result of an APT attack.

© 2024 Professional Security Magazine. All rights reserved.