ISACA Advanced Persistent Threat Survey Shows Some Eye-opening Findings | Security Bistro
Jared Sperli stashed this in cyber
The survey report concludes that companies may need to consider additional controls such as network segregation and an increased focus on email security and user education. Many advanced attacks enter companies through unsolicited emails containing malicious links, and especially through spear phishing attempts.
In addition, while many of technological controls being employed by enterprises “are proficient for defending against traditional attacks, they are probably not as suited for preventing (or detecting) APTs. This is true for a number of reasons: APTs exploit zero-day threats, which are often unknown vulnerabilities, and many APTs enter the enterprise through well-designed spear phishing attacks.”
As can be seen by the survey report, many organizations don’t understand how advanced persistent threats differ from garden variety cyber attacks. It’s important for companies and their security professionals to understand the differences if they are going to successfully defend against APTs.