More than one in four enterprises hit by APT attacks

A report just released from the nonprofit information security advocacy organization ISACA found that, of the 660 enterprise cybersecurity professionals surveyed, just over 1 in 4, or 28%, believe they have been hit by an attack involving an Advanced Persistent Threat, or APT.

According to the 2015 Advanced Persistent Threat Awareness Study, about 75% of those who took the survey haven’t updated third-party agreements to make sure that those partners and suppliers are taking the steps necessary to protect their systems from attack. Not surprisingly, the survey showed that education and training spending lags behind spending for technical controls.

The survey also found that more business leaders have become involved in cybersecurity during the past year: about two-thirds of respondents said so, while 80 percent said the support of senior leadership has visibly increased.

Other highlights from the report include:

  • A growing belief that the use of social networking sites increases the likelihood of a successful APT attack (95 percent in 2015, up from 92 percent in 2014)
  • A broadly held conviction (89 percent of 2015 respondents) that “bring your own device” (BYOD), combined with rooting (Android manipulation by the owner of the device to gain more access to OS and hardware functions) or jailbreaking (iOS manipulation by the owner of the device to evade vendor limitations), makes successful attacks more likely
  • Almost one-quarter of the 2015 respondents consider themselves very familiar with APTs, and a total of 94 percent characterize themselves as having at least some familiarity.
  • The degree of familiarity appears to be a positive indicator and may contribute to a shift in how APTs are perceived. In 2014, 51 percent of the respondents saw APTs as unique threats, a result that is reversed in 2015, where 51 percent see the APT as similar to traditional threats.

Survey respondents stated that loss of personally identifiable information is their biggest concern, but reputation damage is the second largest risk, with the loss of intellectual property coming third.

The survey also found that while APTs garner a lot of concern, less than one-third, or 28%, believe that they suffered a successful APT attack. When it comes to an enterprise's ability to respond to a successful APT attack, enterprises may remain overconfident, but slightly less so than in the same survey last year. This year, 67% of respondents think they are able to respond to an APT attack, while 74% thought so last year.

While respondents may have developed risk scenarios of a successful APT attack, most have not yet had to deal with the actuality of an attack. Only 28 percent of respondents report having been subject to an APT attack. Of those, 25 percent are employed in the technology services and consulting field, and 19 percent work in government or military (national/state/local). Additionally, among those who have been subject to attack, 65 percent were able to identify its source.


  1. Wow, my number 1 concern would be a large-scale denial of service. That doesn’t necessarily mean a DDOS attack; it could mean that an infection is so widespread that many systems have to be taken down.

