German IT execs perceive competitors as the main interested parties that could target their organisations, according to a recent survey by security firm Bitdefender.
Most advanced persistent threats are not limited to state-sponsored attacks, as enterprises can also fall victim to attackers that exploit zero-day vulnerabilities to install highly targeted malware to spy on companies and steal intellectual property. A recent Bitdefender survey confirms that German CISOs perceive competitors as the main interested party that would target their organisations for industrial espionage (66 percent). Hacktivist entities and foreign state-sponsored attackers come second and third, with 59 percent and 46 percent, respectively.
75 percent of IT security decision makers in Germany reveal that financial costs to their businesses top the list of the worst consequences they could face if an APT attacker accesses the ‘crown jewels’. Reputational damage comes second (57 percent), followed by bankruptcy (37 percent). Darker risks even include war or cyber conflicts (26 percent), and the loss of life (29 percent).
Companies mostly fear losing information about their customers (43 percent), followed by research about new products (42 percent), financial information (41 percent), information about certain employees (36 percent), intellectual property (31 percent), product info and specifications (30 percent), and research about the competition (20 percent), said respondents.
Almost two-thirds (65 percent) of IT security decision makers in Germany say their companies could ‘definitely’ be a target of cyberespionage campaigns using advanced persistent threats (APTs), according to a recent survey by security firm Bitdefender. These complex cyber tools are crafted for high-profile entities and operate by silently gathering sensitive data over long periods. Another 31 percent of respondents say their IT infrastructure could ‘possibly’ be targeted in high-level cyberespionage actions that exfiltrate intelligence systematically.
In the past year, top corporations suffered an increase in security incidents and breaches, with a significant rise in documented APTs and targeted attacks aiming at both companies and government entities (such as APT-28 and, just recently, Netrepser). In fact, less than 4 percent of IT decision makers say APTs are not a real concern in their working environment. Concerns for security are rising, with decisions taken at the board level in most companies. Both IT C-suite decision makers and boards are increasingly concerned about security, not only due to the cost of a breach, but also because the companies’ future is at stake when the most valuable data is exposed to interested attackers.
Surprisingly, most German IT decision makers say it would take a few weeks to a month to detect an APT, but more than a quarter (26 percent) say they would need up to a year to uncover modern sophisticated threats. This might show that many surveyed IT execs fear, but underestimate, the potential complexity of these threats.
“Cyberattacks can go undetected for months and, in most cases, breaches stem from zero-days and kernel-level malware,” Bitdefender’s Senior eThreat Analyst Liviu Arsene says. “This is precisely what APTs turn to, because it keeps them from being detected. Kernel exploits and rootkits can evade traditional endpoint security solutions to gain full control over the operating system.”
A previous study by Bitdefender revealed that companies in Germany would pay an average of €80,000 to avoid public shaming scandals after a breach. Some 6 percent would pay more than €500,000.
As a result, 91 percent of boards of directors address cybersecurity as a serious risk management issue with severe reputation and financial consequences, while only 5 percent haven’t done it so far. Most organisations (57 percent) have an incident response and disaster recovery plan in place in case of an APT attack or massive breach, and 35 percent admit they have started developing such a strategy, currently as a work in progress. Less than 6 percent lack these types of procedures.
71 percent of German execs surveyed perceive layered defense, a mix of multiple security policies and tools designed to fight modern threats and penetrations, as the best defense against advanced persistent threats. Security audits, next-gen solutions, traditional security, and log monitoring have also been mentioned by more than a third of the respondents.
These findings are revealed in a survey released in June 2017 by security firm Bitdefender. The study explores, in detail, the pressures APTs place on 1,051 IT security professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany.