July 9, 2014 By Larry Ponemon

Is it possible to successfully defend your enterprise against advanced persistent threats (APTs)? Ponemon Institute’s latest “State of Advanced Persistent Threats” study, sponsored by Trusteer, an IBM company, revealed the pessimism that many IT security professionals feel about their ability to reduce the frequency and severity of these attacks.

Most believe the security threat landscape is much more serious due to APTs, and we believe the study provides valuable insights into what those in the trenches are doing to keep their information assets safe. Their experiences can help other companies better understand where they should target their resources and energy to improve their defense.

7 Recommendations for Defending against APTs:

Based on the findings, here are some recommendations:

  1. Focus on solutions that address the malware risk. Ninety-three percent of respondents say malware was the source of the attack.
  2. Pay more attention to targeted attacks. They require more attention than opportunistic attacks. Respondents report that opportunistic attacks are less frequent and easier to prevent than targeted attacks. In contrast, 48 percent say the frequency of targeted attacks has rapidly increased or increased in the past 12 months.
  3. More expertise is needed to handle the risk posed by Java and Adobe Reader. Respondents were asked to consider a list of well-known commercial applications that have been the source of zero-day exploits over the past year. According to 80 percent of respondents, Java is the most difficult application for which to ensure all security patches have been fully implemented in a timely fashion; 72 percent say it is Adobe Reader. Other challenging applications include Windows (65 percent of respondents) and Flash (60 percent of respondents). However, companies are slow to patch vulnerabilities; this is mainly because the companies could not afford the cost of downtime while waiting for the patch to be implemented (65 percent of respondents). Forty-two percent of respondents report that they did not have the professional staff available to implement the patch, and only 13 percent say the vulnerability risk is low.
  4. Make the business case for investing in technologies that address advanced persistent threats. Despite the threat, the majority of respondents believe their organizations do not currently have the necessary security technologies to effectively address the threat of APTs. Only 31 percent of respondents say adequate resources are available to prevent, detect and contain APTs, and only 13 percent of respondents say non-IT executives in their organization fully understand the risk posed by APTs, a major hurdle to overcome in order to secure the necessary resources to defend the organization.
  5. The financial consequences of APTs can help make the business case. Reputation damage is the most costly consequence of APT attacks. When asked how much an APT-related incident could cost an organization in terms of diminished brand or reputation, the average estimate is $9.4 million — this is more than the estimated cost of technical support ($2.5 million), lost user productivity ($3.1 million) and revenue loss and business disruption ($3 million) combined.
  6. Adopt new approaches to fight advanced persistent threats. Current technology controls against APTs are not working. Seventy-two percent of respondents say exploits and malware have evaded their IDS, and 76 percent say they have evaded their AV solutions.
  7. Endpoint security is considered an important part of an APT security strategy. Seventy-three percent say that if they had an acceptable way to do so, they would like to prevent malware threats from infecting their organizations’ endpoints. In addition, effective endpoint protection would prevent the vast majority of APT attacks against an organization.

Download the 2014 Ponemon Study: The Economic Impact of Advanced Persistent Threats (APTs)
