Malware, Vulnerability Management

Lack of resources exposes organizations to APTs, study finds

A lack of budget and resources is opening up enterprises to advanced persistent threats (APT).

That is the general consensus among the 755 IT security practitioners surveyed in “The State of Advanced Persistent Threats,” a 2013 report released Tuesday by independent research organization the Ponemon Institute and sponsored by computer security company Trusteer.

APTs are defined in the report as a kind of attack that dodges an organization's defenses. This means the attack – about 93 percent of the time it is a type of malware, according to the study – is designed to bypass firewalls, intrusion detection systems (IDS) and anti-virus and anti-malware programs.

About 72 percent of practitioners said that exploits and malware evaded their IDS and about 76 percent said it evaded their anti-virus solutions, according to the study. Entities experienced nine APTs on average in 2013.

Nearly 63 percent of respondents discovered the APT by accident, the report indicates, adding that it took an average of 225 days to detect the APTs.

“Practitioners agree that the current crops of defensive technologies are not very effective,” George Tubin, senior security strategist at Trusteer, told SCMagazine.com on Thursday. “They rely on the defensive technologies to identify malware on their network and endpoints only after the vendors have updated their blacklists with identified malware. This identification usually happens long after the malware has been used in the wild for attacks. By that time, it's too late as the malware has been used to breach the network and steal sensitive information.”

The future of APT defense is looking bleak, at least for roughly half the respondents. About 44 percent said they are not confident their abilities to defend against APTs will improve.

“Respondents believed that endpoint protection presents their best opportunity to defend against APT attacks,” Tubin said. “Detect and prevent malware at the point of infection, before it can cause damage. We always recommend a layered security approach.”

IT downtime and business disruptions are some of the short-term problems faced by organizations affected by APTs, Tubin explained, adding that theft of confidential or personal information and reputational damage – assessed at an average $9.4 million per incident – are some of the more devastating long-term impacts.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.