The vast majority of businesses aren't protecting themselves from the next big type of cyberthreat, called advanced persistent threats (APTs), a new study shows.
"APTs are stealthy, relentless and single-minded, and their primary purpose is to extract information such as valuable research, intellectual property or government data," Tony Hayes, immediate past international president of the ISACA, the nonprofit organization for IT professionals that conducted the study, said in a statement. "In other words, it is absolutely critical for enterprises to prepare for them, and that preparation requires more than the traditional technical controls."
The ISACA study found that even though 21 percent of organizations have already experienced an APT, and 66 percent think it's only a matter of time before they're hit by an APT, just 15 percent of companies think they are prepared for such an attack.
The research revealed that the primary APT defense tactics used by most of the organizations surveyed are technical controls, such as firewalls, access lists and antivirus software. Although those tactics are critical for defending against traditional threats, like viruses or phishing attacks, they are not sufficient for preventing APT attacks, the ISACA said.
[For a side-by-side comparison of the best antivirus software visit our sister site Top Ten Reviews.]
Nearly 40 percent of the businesses surveyed reported that they are not using user security training and controls to defend against APTs, a critical component of a successful cybersecurity plan. Additionally, more than 70 percent are not using mobile controls, even though 88 percent of those surveyed recognize that employees' mobile devices are often the gateway to an APT attack.
ISACA researchers said that although 23 percent of organizations are adjusting vendor management practices and 56 percent are altering incident-response plans to address APTs this year, more companies still need to do so.
"The good news is that more enterprises are attempting to better prepare for the APT this year," said Robert Stroud, international president of ISACA and a vice president at CA Technologies, a provider of IT management software. "The bad news is that there is still a big knowledge gap regarding APTs and how to defend against them — and more security training is critically needed."
The study was based on surveys of 1,220 security professionals.
Originally published on Business News Daily.