1. Business Ideas
  2. Business Plans
  3. Startup Basics
  4. Startup Funding
  5. Franchising
  6. Success Stories
  7. Entrepreneurs
  1. Sales & Marketing
  2. Finances
  3. Your Team
  4. Technology
  5. Social Media
  6. Security
  1. Get the Job
  2. Get Ahead
  3. Office Life
  4. Work-Life Balance
  5. Home Office
  1. Leadership
  2. Women in Business
  3. Managing
  4. Strategy
  5. Personal Growth
  1. HR Solutions
  2. Financial Solutions
  3. Marketing Solutions
  4. Security Solutions
  5. Retail Solutions
  6. SMB Solutions
Grow Your Business Security

APTs ... Your Next Security Worry. How to Prepare

APTs ... Your Next Security Worry. How to Prepare
Credit: Lightspring/Shutterstock

The vast majority of businesses aren't protecting themselves from the next big type of cyberthreat, called advanced persistent threats (APTs), a new study shows.

"APTs are stealthy, relentless and single-minded, and their primary purpose is to extract information such as valuable research, intellectual property or government data," Tony Hayes, immediate past international president of the ISACA, the nonprofit organization for IT professionals that conducted the study, said in a statement. "In other words, it is absolutely critical for enterprises to prepare for them, and that preparation requires more than the traditional technical controls."

The ISACA study found that even though 21 percent of organizations have already experienced an APT, and 66 percent think it's only a matter of time before they're hit by an APT, just 15 percent of companies think they are prepared for such an attack.

The research revealed that the primary APT defense tactics used by most of the organizations surveyed are technical controls, such as firewalls, access lists and antivirus software. Although those tactics are critical for defending against traditional threats, like viruses or phishing attacks, they are not sufficient for preventing APT attacks, the ISACA said.

[For a side-by-side comparison of the best antivirus software visit our sister site Top Ten Reviews.]

Nearly 40 percent of the businesses surveyed reported that they are not using user security training and controls to defend against APTs, a critical component of a successful cybersecurity plan. Additionally, more than 70 percent are not using mobile controls, even though 88 percent of those surveyed recognize that employees' mobile devices are often the gateway to an APT attack.

ISACA researchers said that although 23 percent of organizations are adjusting vendor management practices and 56 percent are altering incident-response plans to address APTs this year, more companies still need to do so.

"The good news is that more enterprises are attempting to better prepare for the APT this year," said Robert Stroud, international president of ISACA and a vice president at CA Technologies, a provider of IT management software. "The bad news is that there is still a big knowledge gap regarding APTs and how to defend against them — and more security training is critically needed."

The study was based on surveys of 1,220 security professionals.

Originally published on Business News Daily.

Chad  Brooks
Chad Brooks

Chad Brooks is a Chicago-based freelance writer who has nearly 15 years experience in the media business. A graduate of Indiana University, he spent nearly a decade as a staff reporter for the Daily Herald in suburban Chicago, covering a wide array of topics including, local and state government, crime, the legal system and education. Following his years at the newspaper Chad worked in public relations, helping promote small businesses throughout the U.S. Follow him on Twitter.