More than a third of IT execs in Italy say bankruptcy could be the worst consequence of an advanced persistent threat (APT), according to a recent survey by security firm Bitdefender.
Almost 60 percent of IT security decision makers in Italy say their companies could ‘definitely’ be a target of cyberespionage campaigns using advanced persistent threats (APTs), according to a recent survey by security firm Bitdefender. These complex cyber tools are crafted for high-profile entities and operate by silently gathering sensitive data over long periods. Another 35 percent of respondents say their IT infrastructure could ‘possibly’ be targeted in high-level cyberespionage actions that exfiltrate intelligence systematically.
In the past year, top corporations suffered an increase in security incidents and breaches, with a significant rise in documented APTs and targeted attacks aiming at both companies and government entities (such as APT-28 and, just recently, Netrepser). In fact, less than 6 percent of IT decision makers say APTs are not a real concern in their working environment. Concerns for security are rising, with decisions taken at the board level in most companies. Both IT C-suite decision makers and boards are increasingly concerned about security, not only due to the cost of a breach, but also because the companies’ future is at stake when the most valuable data is exposed to interested attackers.
Surprisingly, most IT decision makers say it would take a few weeks to a month to detect an APT, but more than a quarter (28 percent) say they would need up to a year or more to uncover modern sophisticated threats. This might show many surveyed IT execs fear but underestimate the potential complexity of these threats.
“Cyberattacks can go undetected for months and, in most cases, breaches stem from zero-days and kernel-level malware,” Bitdefender’s Senior eThreat Analyst Liviu Arsene says. “This is precisely what APTs turn to, because it keeps them from being detected. Kernel exploits and rootkits can evade traditional endpoint security solutions to gain full control over the operating system.”
Most advanced persistent threats are not limited to state-sponsored attacks, as enterprises can also fall victim to attackers that exploit zero-day vulnerabilities to install highly targeted malware to spy on companies and steal intellectual property. Bitdefender’s survey confirms that CISOs perceive competitors as the main interested party that would target their organisations for corporate espionage (64 percent). Hacktivist entities and foreign state-sponsored attackers come second and third, with 51 percent and 46 percent, respectively.
85 percent of IT security decision makers in Italy reveal financial costs top the list of the worst consequences they could face if an APT attacker accesses the ‘crown jewels’. Reputational damage to their businesses comes second (61 percent), followed by bankruptcy (40 percent). Darker risks even include war or cyber conflicts (20 percent), and the loss of life (18 percent).
Companies mostly fear losing financial information (51 percent), followed by research about new products (48 percent), information about their customers (45 percent), product info and specifications (34 percent), intellectual property (28 percent), information about certain employees (22 percent), and research about the competition (20 percent), said respondents.
As a result, 96 percent of boards of directors address cybersecurity as a serious risk management issue with severe reputation and financial consequences, while only 2 percent haven’t done it so far. Most organisations (67 percent) have an incident response and disaster recovery plan in place in case of an APT attack or massive breach, and 30 percent admit they have started developing such a strategy, currently as a work in progress. Less than 3 percent lack these types of procedures.
These findings are revealed in a survey released in June 2017 by security firm Bitdefender. The study explores, in detail, the pressures APTs place on 1,051 IT security professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany.