Previously known as the Information Systems Audit and Control Association, ISACA is an international professional association focused on IT Governance.
An APT is a form of cybercriminal activity targeting political institutions and businesses. Such attacks require a high degree of preparation over a varying period of time in order to succeed. Their objectives tend to surpass immediate financial gains, with attackers working in a stealthy manner to ensure compromised systems remain accessible after any initial goals have been reached.
More than 60% of respondents believe an APT is inevitable. Attacks are often intended to steal intellectual property and have made headlines in recent years following breaches in the networks of governments and major enterprises worldwide.
"APTs are sophisticated, stealthy and unrelenting," says Christos Dimitriadis, International Vice President of ISACA and Head of Information Security at Intralot Group.
"Traditional cyberthreats often move right on if they cannot penetrate their initial target, but an APT will continually attempt to penetrate the desired target until it meets its objective - and once it does, it can disguise itself and morph when needed, making it difficult to identify or stop."
Over 60% of experts surveyed feel ready to respond to APT attacks, although antivirus/antimalware (95%) and firewalls (93%) top the list of solutions their enterprises are employing to prevent APTs. This is a concerning finding since advanced persistent threats are known to evade such measures. The study also shows that while mobile security controls are more effective, they are used much less frequently.
2013 already the 'year of the hack'?
"We are only in February and already we can declare 2013 as the year of the hack," said Tom Kellermann, CISM, trusted advisor to the US government and vice president of cyber security for Trend Micro. "ISACA's research reveals that enterprises are under attack and they don't even know it. Bringing this awareness into the curriculum of education for security professionals is necessary to enable them to build the custom defense they need to combat these targeted attacks."
An overwhelming 96% of the experts who were asked say they believe APTs represent a credible threat to national security and economic stability. The same percentage admit they are somewhat familiar with this type of threat, though 53% doubt it differs from other types of 'traditional' cybercriminal activity. ISACA believes this may indicate many have not fully understood the risk APTs pose.
Other findings include the general acceptance that social media usage boosts the likelihood of a successful APT attempt. Nine out of 10 agreed. This is another prevalent issue for Middle East enterprises since social network penetration is soaring.
Another key weakness for Mena enterprises is the BYOD ('bring your own device') culture presenting a myriad of additional vulnerabilities for IT departments. The survey recorded 87% of respondents in agreement.