Is it possible to successfully defend your enterprise against advanced persistent threats (APTs)? Ponemon Institute’s latest “State of Advanced Persistent Threats” study, sponsored by Trusteer, an IBM company, revealed the pessimism that many IT security professionals feel about their ability to reduce the frequency and severity of these attacks.
Most believe the security threat landscape is much more serious due to APTs, and we believe the study provides valuable insights into what those in the trenches are doing to keep their information assets safe. Their experiences can help other companies better understand where they should target their resources and energy to improve their defense.
7 Recommendations for Defending against APTs
Based on the findings, here are some recommendations:
- Focus on solutions that address the malware risk. Ninety-three percent of respondents say malware was the source of the attack.
- Pay more attention to targeted attacks. They require more attention than opportunistic attacks. Respondents report that opportunistic attacks are less frequent and easier to prevent than targeted attacks. In contrast, 48 percent say the frequency of targeted attacks has rapidly increased or increased in the past 12 months.
- More expertise is needed to handle the risk posed by Java and Adobe Reader. Respondents were asked to consider a list of well-known commercial applications that have been the source of zero-day exploits over the past year. According to 80 percent of respondents, Java is the most difficult application for which to ensure all security patches have been fully implemented in a timely fashion; 72 percent say it is Adobe Reader. Other challenging applications include Windows (65 percent of respondents) and Flash (60 percent of respondents). However, companies are slow to patch vulnerabilities, mainly because they could not afford the cost of downtime while waiting for the patch to be implemented (65 percent of respondents). Forty-two percent of respondents report that they did not have the professional staff available to implement the patch, and only 13 percent say the vulnerability risk is low.
- Make the business case for investing in technologies that address advanced persistent threats. Despite the threat, the majority of respondents believe their organizations do not currently have the necessary security technologies to effectively address the threat of APTs. Only 31 percent of respondents say adequate resources are available to prevent, detect and contain APTs, and only 13 percent of respondents say non-IT executives in their organization fully understand the risk posed by APTs, a major hurdle to overcome in order to secure the necessary resources to defend the organization.
- The financial consequences of APTs can help make the business case. Reputation damage is the most costly consequence of APT attacks. When asked how much an APT-related incident could cost an organization in terms of diminished brand or reputation, the average estimate is $9.4 million — this is more than the estimated cost of technical support ($2.5 million), lost user productivity ($3.1 million) and revenue loss and business disruption ($3 million) combined.
- Adopt new approaches to fight advanced persistent threats. Current technology controls against APTs are not working. Seventy-two percent of respondents say exploits and malware have evaded their IDS, and 76 percent say they have evaded their AV solutions.
- Endpoint security is considered an important part of an APT security strategy. Seventy-three percent say that if they had an acceptable way to do so, they would like to prevent malware threats from infecting their organizations’ endpoints. In addition, effective endpoint protection would prevent the vast majority of APT attacks against an organization.
Author: Larry Ponemon, Chairman and Founder, Ponemon Institute.