Welcome!

Agile Computing Authors: Elizabeth White, ManageEngine IT Matters, Liz McMillan, Xenia von Wedel, Craig Lowell

News Feed Item

Pesquisa de segurança cibernética da ISACA revela que uma em cada cinco empresas já experimentou um ataque de APT

Pesquisa global sobre segurança cibernética com mais de 1.500 profissionais de segurança fevelou que um em cada cinco profissionais disse que sua empresa já tinha experimentado um ataque de ameaça persistente avançada (APT). De acordo com o estudo realizado pela associação global de TI da ISACA, 94% dizem que APTs representam uma ameaça real para a segurança nacional e a estabilidade econômica, mas a maioria das empresas está empregando tecnologias ineficazes para se protegerem.

Os APTs, uma tática de espionagem com objetivo de roubar propriedade intelectual, foram motivo de manchetes na imprensa nos últimos anos por violação das maiores redes empresariais e governamentais de todo o mundo. Mais de 60% dos entrevistados dizem que é apenas uma questão de tempo até que sua empresa se torne alvo.

Conscientização da ISACA sobre ameaça avançada persistente: Os resultados do estudo mostram que 96% dos entrevistados dizem que estão de alguma forma familiarizados com os APTs. Embora isto seja positivo, 53% dizem que não acreditam que os APTs sejam diferentes das ameaças tradicionais—indicando que muitos não as entendem completamente.

"Os APTs são sofisticados, furtivos e implacáveis", disse Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, vice-presidente internacional da ISACA e chefe de segurança da informação do GRUPO INTRALOT. "As ameaças cibernéticas tradicionais muitas vezes movem-se para o próximo alvo quando não conseguem infiltrar-se no seu alvo inicial, mas um APT continuará tentando infiltrar-se no alvo desejado até que ele cumpra o seu objetivo—e quando isso acontece, ele pode se disfarçar e se transformar, quando necessário, o que o torna difícil de identificar ou parar."

Mais de 60% dos entrevistados dizem que estão prontos para responder a ataques APT. No entanto, antivírus e antimalware (95%) e tecnologias de perímetro de rede, como os firewalls (93%) estão no topo da lista de controles que suas empresas usam para parar APTs—uma declaração preocupante, levando em conta que APTs são conhecidos por evitar serem capturados por esses tipos de controles. O estudo mostra que os controles de segurança de dispositivos móveis, que são mais eficazes, são usados ​​com muito menos frequência.

"Os APTs precisam de muitas abordagens defensivas, do treinamento de conscientização que altera contratos de terceiros para garantir que os fornecedores estejam bem protegidos, até a implementação de controles técnicos", disse Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, diretor da ISACA e diretor de segurança da informação e garantia de TI da BRM Holdich.

O estudo também constatou que:

  • 90% dos entrevistados acreditam que o uso de sites de redes sociais aumenta a probabilidade de sucesso de um APT.
  • 87% acreditam que "traga seu próprio dispositivo" (BYOD), combinado com acesso superusuário [rooting] ou desbloqueio iOS [jailbreak] do aparelho, faz um ataque bem sucedido de APT ser mais provável.
  • Mais de 80% dizem que suas empresas não atualizaram seus contratos de fornecedores para se protegerem contra APTs.

"Estamos apenas em fevereiro e já podemos declarar 2013 como o ano do hack", disse Tom Kellermann, CISM, conselheiro de confiança do governo dos EUA e vice-presidente de segurança cibernética da Trend Micro. "A pesquisa da ISACA revela que as empresas estão sob ataque e nem mesmo sabem disso. É necessário trazer essa consciência ao currículo de instrução dos profissionais de segurança para que possam construir a defesa customizada que precisam para combater esses ataques direcionados ".

O estudo da ISACA, patrocinado pela Trend Micro, está disponível para download gratuito em www.isaca.org/cybersecurity.

Sobre a ISACA

Com 100.000 membros em todo o mundo, a ISACA(www.isaca.org) ajuda as empresas a manter a confiança e o valor de suas informações e sistemas. Fundada em 1969, a ISACA avança e atesta as habilidades de TI e o conhecimento através das certificações CISA, CISM, CGEIT e CRISC. A ISACA desenvolveu a estrutura COBIT, que ajuda as empresas a administrar e controlar a suas informações e tecnologias.

Siga a ISACA no Twitter: https://twitter.com/ISACANews

O texto no idioma original deste anúncio é a versão oficial autorizada. As traduções são fornecidas apenas como uma facilidade e devem se referir ao texto no idioma original, que é a única versão do texto que tem efeito legal.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effici...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
"IoT is going to be a huge industry with a lot of value for end users, for industries, for consumers, for manufacturers. How can we use cloud to effectively manage IoT applications," stated Ian Khan, Innovation & Marketing Manager at Solgeniakhela, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data professionals...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Onalytica. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...