Advanced Persistent Threat attacks (APT) are the leading cybersecurity concern for security professionals, according to recently released survey results.
Bit9’s “Year of the Hack” survey asked 765 IT and security professionals across several industries about their main cybersecurity concerns and what steps were being taken to secure company networks. Sixty percent of respondents named APT attacks as their main concern.
“When you look at the number of data breaches that have occurred this year, and that includes RSA, Lockheed Martin, the International Monetary Fund, Oak Ridge Laboratories…and the very high profile attacks from LulzSec and Anonymous, pretty much across the spectrum we’ve seen a rash of high profile, highly-publicized data breaches,” Bit9’s chief technology officer Harry Sverdlove told Security Management.
APT attacks are especially damaging because they target an organization’s intellectual property, whether it be state secrets or customer lists. Attacks have increased in volume from years past. Given that most data breaches aren’t disclosed, known attacks are just the tip of the iceberg, he said.
Tom Murphy, chief strategy officer at Bit9, said the survey shows that companies are increasingly worried about APT attacks, but aren’t taking the necessary precautions to secure their networks.
“Companies are gambling on a losing game by failing to put security policies in place. It’s not a case of if a breach will occur, but when and how severe,” Murphy, said.
Bit9 says companies allow risky behavior by being more hands-off in their approach to software usage policies.
Survey data shows that relaxed download policies have increased 12 percent from 2010 and 22 percent since 2009. Sixty-eight percent of respondents use restrictive administrative rights to control and prevent unauthorized software, but half of companies that responded allow users to download and install applications themselves.