New ISACA study sounds cybersecurity warning

A litte more than four years ago, the Stuxnet computer worm reared its digital visage after dealing severe damage to centrifuges at a nuclear enrichment facility in Iran. Believed to have been created and unleashed by intelligence forces from Israel and the United States, Stuxnet executed specific programming that targeted software and equipment manufactured by German industrial giant Siemens. Stuxnet is among the more famous examples of an advanced persistent threat, or APT, an especially insidious form of cyberattack.

Many well-known APTs have targeted world governments over the years, but in 2014, it's not just civil or defense facilities that need to be prepared for an attack. Far from it, in fact, as revealed today by the release of ISACA's new global study Advanced Persistent Threat Awareness. Among a number of alarming revelations contained in the study is the troubling fact that one in five businesses worldwide have been victimized by an APT attack. Not only that, but among all organizations to uncover a lurking APT, one-third were unable to detect the original source of the threat.

Is your enterprise next on somebody's hit list? It's difficult, if not impossible, to predict where malicious hackers may strike next. So although no one wants to live in fear, it's probably better to be prepared than taken entirely unawares. And preparation is an area that many believe is lacking. The ISACA report found that while 66 percent of unscathed organizations believe it's only a matter of time before their computerized infrastructure takes a hit, just 15 percent consider themselves well prepared to cope with an APT attack. That's a number that could be considerably improved upon.

ISACA drew its conclusions from a survey of 1,500 IT professionals worldwide, with about 32 percent of those repsonses coming in from North America, and an additional 38 percent originating in Europe and Africa. The study also revealed that APTs are still at least somewhat shrouded in mystery. While 93.6 percent of those surveyed understand that APTs represent a major security threat, just 25 percent consider themselves "very familiar" with the specific nature of an APT and problems likely to arise from encountering one. (A more reassuring 42 percent rated themselves as being at least "familiar" with APTs.)

Tony Hayes, immediate past international president of ISACA, said that APTs are stealthy, relentless and zeroed in on specific targets, including research, intellectual property and government data. "It is absolutely critical for enterprises to prepare for them, and that preparation requires more than the traditional technical controls," Hayes said.

The full results of the new study are available to be downloaded (registration required) online.

Would you like more insight into the history of hacking? Check out Calvin's other articles about historical hackery:
About the Author

GoCertify's mission is to help both students and working professionals get IT certifications. GoCertify was founded in 1998 by Anne Martinez.