The document discusses the results of a study on advanced persistent threats (APTs) conducted by ISACA. Some key findings include:
- Awareness of APTs has increased since 2014, though awareness may have regressed slightly in 2015. Over 90% of information security professionals surveyed said they were familiar with APTs.
- Most respondents believe their organizations have not been directly targeted by an APT, but nearly three-quarters feel their organizations will likely be targeted in the future.
- Perceptions of APTs have shifted from seeing them as unique threats to seeing them as similar to traditional cyber threats. Increased familiarity may be contributing to this shift in view.
- Improvements have
1. Study Results
Advanced persistent threats (APTs) continue to enjoy the spotlight in the
wake of their successful use to launch several high-profile data breaches. The
fourth in a series of ISACA studies designed to uncover information security
professionals’ understanding and opinions of APTs, technical controls, internal
incidents, policy adherence and management support, this report reveals
positive trends since the 2014 survey. Improvements can be seen in the level
of awareness of the unique aspects of APTs and the benefits of addressing
them through a variety of countermeasures. A strong correlation clearly exists
between the perceived likelihood of an APT attack on the enterprise and the
enterprise’s adoption of improved cybersecurity practices. Yet, not all avenues
for APT intrusion are fully locked down. Mobile device security is lagging, despite
acknowledgment that the “bring your own device” (BYOD) trend increases
APT risk, and a preference is seen for technical controls over education and
training, even though many successful APT attacks gain entry by manipulating
individuals’ innate trust and/or lack of understanding.
2015 Advanced
Persistent Threat
Awareness—
Third Annual
www.isaca.org/cyber