Some 60 percent of those polled in Q4 by ISACA say they thought it would only be a matter of time before their firm was targeted. And some 94 percent thought APTs represent a credible threat to national security and economic stability.
But despite this, most enterprises are employing ineffective technologies to protect themselves against APTs, ISACA says. Some 95 percent are fending off the threat with antivirus and antimalware, with 93 percent attempting to stop APTs using network perimeter technologies such as firewall. ISACA says this is “concerning,” given that APTs are known to have evaded such controls.
In contrast, mobile security controls — which ISACA said can be quite effective — are used much less frequently.
“While these controls [AV and firewalls] are proficient for defending against traditional attacks, they are probably not as suited for preventing APTs,” the report states. “This is true for a number of reasons: APTs exploit zero-day threats, which are often unknown vulnerabilities, and many APTs enter the enterprise through well-designed spear phishing attacks. This indicates that additional controls — such as network segregation — and perhaps an increased focus on e-mail security and user education could be beneficial.”
ISACA says the survey suggests there’s still a gap in the understanding of what APTs are and how to defend against them.
Although 68 percent of respondents say they are familiar with APTs, 53 percent labor under the misconception that APTs are similar to traditional threats.
For more UK channel coverage from CRN, visit www.channelweb.co.uk
One Response to “ISACA: End Users Wrongly Fighting APTs With AV”
Leave a Reply