Welcome!

Agile Computing Authors: Elizabeth White, Yeshim Deniz, Pat Romanski, ManageEngine IT Matters, Liz McMillan

News Feed Item

Une enquête sur la cybersécurité réalisée par l'ISACA révèle qu'une entreprise sur cinq a subi une attaque APT

Plus d'une personne sur cinq participant à une enquête mondiale sur la cybersécurité , réalisée auprès de plus de 1500 professionnels de la sécurité, déclare que son entreprise a subi une attaque APT (« advanced persistant threat »). D'après l'étude réalisée par l'association TI mondiale ISACA, 94 % déclarent que les APT constituent une menace crédible à la sécurité et à la stabilité économique nationales, et pourtant la plupart des entreprises emploient des technologies inefficaces pour se protéger.

Les APT, une tactique d'espionnage visant à voler la propriété intellectuelle, ont fait les gros titres au cours des dernières années pour avoir porté atteinte à des réseaux commerciaux et gouvernementaux majeurs dans le monde entier. Plus de 60 % des personnes interrogées ont indiqué qu'il n'était qu'une question de temps avant que leur entreprise soit ciblée.

Sensibilisation de l'ISACA aux « advanced persistant threats » : Les résultats de l'étude indiquent que 96 % des personnes interrogées se déclarent un tant soit peu familières avec les APT. Bien que ceci soit positif, 53 % déclarent qu'elles ne pensent pas que les APT diffèrent des menaces traditionnelles—ce qui indique qu'elles sont nombreuses à mal les comprendre.

« Les APT sont sophistiquées, furtives et incessantes », a déclaré Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, vice-président international de l'ISACA et chef de la sécurité des informations d'INTRALOT GROUP. « Les cybermenaces traditionnelles se dissipent souvent si elles ne peuvent pas pénétrer leur cible initiale, mais une APT tente continuellement de pénétrer la cible désirée jusqu'à ce qu'elle atteigne son objectif—et, ceci fait, elle peut se déguiser et se transformer si nécessaire, ce qui la rend difficile à identifier ou à stopper ».

Plus de 60 % des personnes interrogées ont indiqué qu'elles étaient prêtes à se défendre contre les attaques APT. Toutefois, les antivirus et les anti-logiciels espions (95 %) et les technologies de périmètre de réseau telles que les pare-feux (93 %) sont les principaux contrôles utilisés par leurs entreprises pour bloquer les APT—un résultat inquiétant, étant donné que les APT sont connus pour éviter d'être pris par ces types de contrôles. L'étude indique que les contrôles de sécurité mobiles, qui sont plus efficaces, sont utilisés nettement moins fréquemment.

« Les APT exigent de nombreuses approches défensives, d'une formation de sensibilisation et d'une modification des accords tiers assurant la protection des fournisseurs, à la mise en œuvre de contrôles techniques », a ajouté Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, directeur de l'ISACA et directeur de la sécurité des informations et de l'assurance TI chez BRM Holdich.

L'enquête a également révélé que :

  • 90 % des personnes interrogées considèrent que l'utilisation de sites de réseautage sociaux augmente la probabilité d'une attaque APT concluante.
  • 87 % considèrent que BYOD (« apportez votre propre matériel ») , combiné à l'enracinement ou au déverrouillage de l'appareil, augmentent la probabilité d'une attaque APT concluante.
  • Plus de 80 % déclarent que leurs entreprises n'ont pas actualisé leurs accords de fournisseurs pour se protéger contre les APT.

« Nous ne sommes qu'en février et déjà nous pouvons proclamer 2013 l'année du piratage », a confié quant à lui Tom Kellermann, CISM, conseiller de confiance auprès du gouvernement des États-Unis et vice-président en charge de la cybersécurité chez Trend Micro. « La recherche de l'ISACA révèle que les entreprises sont attaquées et ne le réalisent même pas. Il est nécessaire d'intégrer cette sensibilisation au programme d'études des professionnels de la sécurité pour leur permettre d'élaborer la défense personnalisée dont ils ont besoin pour combattre ces attaques ciblées ».

L'étude ISACA, parrainée par Trend Micro, peut être téléchargée gratuitement sur www.isaca.org/cybersecurity.

À propos de l’ISACA

L'ISACA, qui compte 100 000 membres à l'échelle mondiale, (www.isaca.org) aide les entreprises à inspirer confiance en leurs informations et leurs systèmes, et à en tirer de la valeur. Fondée en 1969, l’ISACA atteste des compétences et des connaissances en technologies de l’information en octroyant les certifications CISA, CISM, CGEIT et CRISC. ISACA a développé le cadre COBIT, qui aide les entreprises à gérer et à gouverner leurs informations et leur technologie.

Twitter : https://twitter.com/ISACANews

Le texte du communiqué issu d’une traduction ne doit d’aucune manière être considéré comme officiel. La seule version du communiqué qui fasse foi est celle du communiqué dans sa langue d’origine. La traduction devra toujours être confrontée au texte source, qui fera jurisprudence.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
"The Striim platform is a full end-to-end streaming integration and analytics platform that is middleware that covers a lot of different use cases," explained Steve Wilkes, Founder and CTO at Striim, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We provide IoT solutions. We provide the most compatible solutions for many applications. Our solutions are industry agnostic and also protocol agnostic," explained Richard Han, Head of Sales and Marketing and Engineering at Systena America, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, discussed the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insights from the vast t...
SYS-CON Events announced today that EnterpriseTech has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. EnterpriseTech is a professional resource for news and intelligence covering the migration of high-end technologies into the enterprise and business-IT industry, with a special focus on high-tech solutions in new product development, workload management, increased effic...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and ...
SYS-CON Events announced today that CHEETAH Training & Innovation will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CHEETAH Training & Innovation is a cloud consulting and IT training firm specializing in improving clients cloud strategies and infrastructures for medium to large companies.
SYS-CON Events announced today that Datanami has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datanami is a communication channel dedicated to providing insight, analysis and up-to-the-minute information about emerging trends and solutions in Big Data. The publication sheds light on all cutting-edge technologies including networking, storage and applications, and thei...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...