Welcome!

Agile Computing Authors: Liz McMillan, Sanjay Zalavadia, Xenia von Wedel, Pat Romanski, Elizabeth White

News Feed Item

Une enquête sur la cybersécurité réalisée par l'ISACA révèle qu'une entreprise sur cinq a subi une attaque APT

Plus d'une personne sur cinq participant à une enquête mondiale sur la cybersécurité , réalisée auprès de plus de 1500 professionnels de la sécurité, déclare que son entreprise a subi une attaque APT (« advanced persistant threat »). D'après l'étude réalisée par l'association TI mondiale ISACA, 94 % déclarent que les APT constituent une menace crédible à la sécurité et à la stabilité économique nationales, et pourtant la plupart des entreprises emploient des technologies inefficaces pour se protéger.

Les APT, une tactique d'espionnage visant à voler la propriété intellectuelle, ont fait les gros titres au cours des dernières années pour avoir porté atteinte à des réseaux commerciaux et gouvernementaux majeurs dans le monde entier. Plus de 60 % des personnes interrogées ont indiqué qu'il n'était qu'une question de temps avant que leur entreprise soit ciblée.

Sensibilisation de l'ISACA aux « advanced persistant threats » : Les résultats de l'étude indiquent que 96 % des personnes interrogées se déclarent un tant soit peu familières avec les APT. Bien que ceci soit positif, 53 % déclarent qu'elles ne pensent pas que les APT diffèrent des menaces traditionnelles—ce qui indique qu'elles sont nombreuses à mal les comprendre.

« Les APT sont sophistiquées, furtives et incessantes », a déclaré Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, vice-président international de l'ISACA et chef de la sécurité des informations d'INTRALOT GROUP. « Les cybermenaces traditionnelles se dissipent souvent si elles ne peuvent pas pénétrer leur cible initiale, mais une APT tente continuellement de pénétrer la cible désirée jusqu'à ce qu'elle atteigne son objectif—et, ceci fait, elle peut se déguiser et se transformer si nécessaire, ce qui la rend difficile à identifier ou à stopper ».

Plus de 60 % des personnes interrogées ont indiqué qu'elles étaient prêtes à se défendre contre les attaques APT. Toutefois, les antivirus et les anti-logiciels espions (95 %) et les technologies de périmètre de réseau telles que les pare-feux (93 %) sont les principaux contrôles utilisés par leurs entreprises pour bloquer les APT—un résultat inquiétant, étant donné que les APT sont connus pour éviter d'être pris par ces types de contrôles. L'étude indique que les contrôles de sécurité mobiles, qui sont plus efficaces, sont utilisés nettement moins fréquemment.

« Les APT exigent de nombreuses approches défensives, d'une formation de sensibilisation et d'une modification des accords tiers assurant la protection des fournisseurs, à la mise en œuvre de contrôles techniques », a ajouté Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, directeur de l'ISACA et directeur de la sécurité des informations et de l'assurance TI chez BRM Holdich.

L'enquête a également révélé que :

  • 90 % des personnes interrogées considèrent que l'utilisation de sites de réseautage sociaux augmente la probabilité d'une attaque APT concluante.
  • 87 % considèrent que BYOD (« apportez votre propre matériel ») , combiné à l'enracinement ou au déverrouillage de l'appareil, augmentent la probabilité d'une attaque APT concluante.
  • Plus de 80 % déclarent que leurs entreprises n'ont pas actualisé leurs accords de fournisseurs pour se protéger contre les APT.

« Nous ne sommes qu'en février et déjà nous pouvons proclamer 2013 l'année du piratage », a confié quant à lui Tom Kellermann, CISM, conseiller de confiance auprès du gouvernement des États-Unis et vice-président en charge de la cybersécurité chez Trend Micro. « La recherche de l'ISACA révèle que les entreprises sont attaquées et ne le réalisent même pas. Il est nécessaire d'intégrer cette sensibilisation au programme d'études des professionnels de la sécurité pour leur permettre d'élaborer la défense personnalisée dont ils ont besoin pour combattre ces attaques ciblées ».

L'étude ISACA, parrainée par Trend Micro, peut être téléchargée gratuitement sur www.isaca.org/cybersecurity.

À propos de l’ISACA

L'ISACA, qui compte 100 000 membres à l'échelle mondiale, (www.isaca.org) aide les entreprises à inspirer confiance en leurs informations et leurs systèmes, et à en tirer de la valeur. Fondée en 1969, l’ISACA atteste des compétences et des connaissances en technologies de l’information en octroyant les certifications CISA, CISM, CGEIT et CRISC. ISACA a développé le cadre COBIT, qui aide les entreprises à gérer et à gouverner leurs informations et leur technologie.

Twitter : https://twitter.com/ISACANews

Le texte du communiqué issu d’une traduction ne doit d’aucune manière être considéré comme officiel. La seule version du communiqué qui fasse foi est celle du communiqué dans sa langue d’origine. La traduction devra toujours être confrontée au texte source, qui fera jurisprudence.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profession...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
When people aren’t talking about VMs and containers, they’re talking about serverless architecture. Serverless is about no maintenance. It means you are not worried about low-level infrastructural and operational details. An event-driven serverless platform is a great use case for IoT. In his session at @ThingsExpo, Animesh Singh, an STSM and Lead for IBM Cloud Platform and Infrastructure, will detail how to build a distributed serverless, polyglot, microservices framework using open source tec...
Connected devices and the industrial internet are growing exponentially every year with Cisco expecting 50 billion devices to be in operation by 2020. In this period of growth, location-based insights are becoming invaluable to many businesses as they adopt new connected technologies. Knowing when and where these devices connect from is critical for a number of scenarios in supply chain management, disaster management, emergency response, M2M, location marketing and more. In his session at @Th...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
Cloud Expo, Inc. has announced today that Andi Mann returns to 'DevOps at Cloud Expo 2016' as Conference Chair The @DevOpsSummit at Cloud Expo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited t...
"We work in the area of Big Data analytics and Big Data analytics is a very crowded space - you have Hadoop, ETL, warehousing, visualization and there's a lot of effort trying to get these tools to talk to each other," explained Mukund Deshpande, head of the Analytics practice at Accelerite, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
"delaPlex is a software development company. We do team-based outsourcing development," explained Mark Rivers, COO and Co-founder of delaPlex Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effi...
Basho Technologies has announced the latest release of Basho Riak TS, version 1.3. Riak TS is an enterprise-grade NoSQL database optimized for Internet of Things (IoT). The open source version enables developers to download the software for free and use it in production as well as make contributions to the code and develop applications around Riak TS. Enhancements to Riak TS make it quick, easy and cost-effective to spin up an instance to test new ideas and build IoT applications. In addition to...
The idea of comparing data in motion (at the sensor level) to data at rest (in a Big Data server warehouse) with predictive analytics in the cloud is very appealing to the industrial IoT sector. The problem Big Data vendors have, however, is access to that data in motion at the sensor location. In his session at @ThingsExpo, Scott Allen, CMO of FreeWave, discussed how as IoT is increasingly adopted by industrial markets, there is going to be an increased demand for sensor data from the outermos...
CenturyLink has announced that application server solutions from GENBAND are now available as part of CenturyLink’s Networx contracts. The General Services Administration (GSA)’s Networx program includes the largest telecommunications contract vehicles ever awarded by the federal government. CenturyLink recently secured an extension through spring 2020 of its offerings available to federal government agencies via GSA’s Networx Universal and Enterprise contracts. GENBAND’s EXPERiUS™ Application...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
Presidio has received the 2015 EMC Partner Services Quality Award from EMC Corporation for achieving outstanding service excellence and customer satisfaction as measured by the EMC Partner Services Quality (PSQ) program. Presidio was also honored as the 2015 EMC Americas Marketing Excellence Partner of the Year and 2015 Mid-Market East Partner of the Year. The EMC PSQ program is a project-specific survey program designed for partners with Service Partner designations to solicit customer feedbac...
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Bradley Holt, Developer Advocate a...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.