The results of the ISMG Advanced Persistent Threats Survey bring home a stark reality.
Despite significant investments organizations have made in traditional security solutions, such as anti-virus, intrusion detection and encryption, they still are falling victim to costly security incidents as a result of APT. Whether through endpoint devices on the desktop, mobile devices or third parties, these sophisticated attacks are succeeding at disrupting organizations and exfiltrating data.
What is the cost of these incidents? System downtime, loss or compromise of data and the compromise of credentials, which leads to significant long-term loss - financial as well as reputational.
The sophistication of these attacks is a daunting factor. The "low and slow" approach of the APT makes it challenging to detect. But equally challenging is the lack of APT awareness among employees who fall victim to the social engineering tactics of these attacks. When it comes to APT awareness and training, 63 percent of organizations self-assess themselves at a grade of C or below.
Overall, how do you assess your organization's current ability to defend against APT?
There is encouraging news. Some 90 percent of survey respondents expect to receive the same or more budget to defend against APT in the year ahead. And they have plans to invest in areas such as new technology solutions and security threat intelligence.
Among the three hot topics we explore in depth in this report:
- APT: The Impact - Where are organizations seeing the heaviest impact from APT, and where are they most vulnerable?
- Exploiting the 'D' in Defense - What are organizations currently doing to detect and prevent incidents as a result of APT - and why aren't these defenses adequate?
- The Defense Agenda - Recognizing their vulnerabilities, how do organizations plan to invest their resources in the year ahead?