July 9, 2014 By Larry Ponemon 3 min read

Is it possible to successfully defend your enterprise against advanced persistent threats (APTs)? Ponemon Institute’s latest “State of Advanced Persistent Threats” study, sponsored by Trusteer, an IBM company, revealed the pessimism that many IT security professionals feel about their ability to reduce the frequency and severity of these attacks.

Most believe the security threat landscape is much more serious due to APTs, and we believe the study provides valuable insights into what those in the trenches are doing to keep their information assets safe. Their experiences can help other companies better understand where they should target their resources and energy to improve their defense.

7 Recommendations for Defending against APTs:

Based on the findings, here are some recommendations:

  1. Focus on solutions that address the malware risk. Ninety-three percent of respondents say malware was the source of the attack.
  2. Pay more attention to targeted attacks. They require more attention than opportunistic attacks. Respondents report that opportunistic attacks are less frequent and easier to prevent than targeted attacks. In contrast, 48 percent say the frequency of targeted attacks has rapidly increased or increased in the past 12 months.
  3. More expertise is needed to handle the risk posed by Java and Adobe Readers. Respondents were asked to consider a list of well-known commercial applications that have been the source of zero-day exploits over the past year. According to 80 percent of respondents, Java is the most difficult application for which to ensure all security patches have been fully implemented in a timely fashion; 72 percent say it is Adobe Reader. Other challenging applications include Windows (65 percent of respondents) and Flash (60 percent of respondents). However, companies are slow to patch vulnerabilities; this is mainly because the companies could not afford the cost of downtime while waiting for the patch to be implemented (65 percent of respondents). Forty-two percent of respondents report that they did not have the professional staff available to implement the patch, and only 13 percent say the vulnerability risk is low.
  4. Make the business case for investing in technologies that address advanced persistent threats. Despite the threat, the majority of respondents believe their organizations do not currently have the necessary security technologies to effectively address the threat of APTs. Only 31 percent of respondents say adequate resources are available to prevent, detect and contain APTs, and only 13 percent of respondents say non-IT executives in their organization fully understand the risk posed by APTs, a major hurdle to overcome in order to secure the necessary resources to defend the organization.
  5. The financial consequences of APTs can help make the business case. Reputation damage is the most costly consequence of APT attacks. When asked how much an APT-related incident could cost an organization in terms of diminished brand or reputation, the average estimate is $9.4 million — this is more than the estimated cost of technical support ($2.5 million), lost user productivity ($3.1 million) and revenue loss and business disruption ($3 million) combined.
  6. Adopt new approaches to fight advanced persistent threats. Current technology controls against APTs are not working. Seventy-two percent of respondents say exploits and malware have evaded their IDS, and 76 percent say they have evaded their AV solutions.
  7. Endpoint security is considered an important part of an APT security strategy. Seventy-three percent say that if they had an acceptable way to do so, they would like to prevent malware threats from infecting their organizations’ endpoints. In addition, effective endpoint protection would prevent the vast majority of APT attacks against an organization.

Download the 2014 Ponemon Study: The Economic Impact of Advanced Persistent Threats (APTs)

More from Advanced Threats

GootBot – Gootloader’s new approach to post-exploitation

8 min read - IBM X-Force discovered a new variant of Gootloader — the "GootBot" implant — which facilitates stealthy lateral movement and makes detection and blocking of Gootloader campaigns more difficult within enterprise environments. X-Force observed these campaigns leveraging SEO poisoning, wagering on unsuspecting victims' search activity, which we analyze further in the blog. The Gootloader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2…

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

4 min read - Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today