Welcome!

Web 2.0 Authors: Pat Romanski, Elizabeth White, Plutora Blog, Liz McMillan, Jnan Dash

News Feed Item

Pesquisa de segurança cibernética da ISACA revela que uma em cada cinco empresas já experimentou um ataque de APT

Pesquisa global sobre segurança cibernética com mais de 1.500 profissionais de segurança fevelou que um em cada cinco profissionais disse que sua empresa já tinha experimentado um ataque de ameaça persistente avançada (APT). De acordo com o estudo realizado pela associação global de TI da ISACA, 94% dizem que APTs representam uma ameaça real para a segurança nacional e a estabilidade econômica, mas a maioria das empresas está empregando tecnologias ineficazes para se protegerem.

Os APTs, uma tática de espionagem com objetivo de roubar propriedade intelectual, foram motivo de manchetes na imprensa nos últimos anos por violação das maiores redes empresariais e governamentais de todo o mundo. Mais de 60% dos entrevistados dizem que é apenas uma questão de tempo até que sua empresa se torne alvo.

Conscientização da ISACA sobre ameaça avançada persistente: Os resultados do estudo mostram que 96% dos entrevistados dizem que estão de alguma forma familiarizados com os APTs. Embora isto seja positivo, 53% dizem que não acreditam que os APTs sejam diferentes das ameaças tradicionais—indicando que muitos não as entendem completamente.

"Os APTs são sofisticados, furtivos e implacáveis", disse Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, vice-presidente internacional da ISACA e chefe de segurança da informação do GRUPO INTRALOT. "As ameaças cibernéticas tradicionais muitas vezes movem-se para o próximo alvo quando não conseguem infiltrar-se no seu alvo inicial, mas um APT continuará tentando infiltrar-se no alvo desejado até que ele cumpra o seu objetivo—e quando isso acontece, ele pode se disfarçar e se transformar, quando necessário, o que o torna difícil de identificar ou parar."

Mais de 60% dos entrevistados dizem que estão prontos para responder a ataques APT. No entanto, antivírus e antimalware (95%) e tecnologias de perímetro de rede, como os firewalls (93%) estão no topo da lista de controles que suas empresas usam para parar APTs—uma declaração preocupante, levando em conta que APTs são conhecidos por evitar serem capturados por esses tipos de controles. O estudo mostra que os controles de segurança de dispositivos móveis, que são mais eficazes, são usados ​​com muito menos frequência.

"Os APTs precisam de muitas abordagens defensivas, do treinamento de conscientização que altera contratos de terceiros para garantir que os fornecedores estejam bem protegidos, até a implementação de controles técnicos", disse Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, diretor da ISACA e diretor de segurança da informação e garantia de TI da BRM Holdich.

O estudo também constatou que:

  • 90% dos entrevistados acreditam que o uso de sites de redes sociais aumenta a probabilidade de sucesso de um APT.
  • 87% acreditam que "traga seu próprio dispositivo" (BYOD), combinado com acesso superusuário [rooting] ou desbloqueio iOS [jailbreak] do aparelho, faz um ataque bem sucedido de APT ser mais provável.
  • Mais de 80% dizem que suas empresas não atualizaram seus contratos de fornecedores para se protegerem contra APTs.

"Estamos apenas em fevereiro e já podemos declarar 2013 como o ano do hack", disse Tom Kellermann, CISM, conselheiro de confiança do governo dos EUA e vice-presidente de segurança cibernética da Trend Micro. "A pesquisa da ISACA revela que as empresas estão sob ataque e nem mesmo sabem disso. É necessário trazer essa consciência ao currículo de instrução dos profissionais de segurança para que possam construir a defesa customizada que precisam para combater esses ataques direcionados ".

O estudo da ISACA, patrocinado pela Trend Micro, está disponível para download gratuito em www.isaca.org/cybersecurity.

Sobre a ISACA

Com 100.000 membros em todo o mundo, a ISACA(www.isaca.org) ajuda as empresas a manter a confiança e o valor de suas informações e sistemas. Fundada em 1969, a ISACA avança e atesta as habilidades de TI e o conhecimento através das certificações CISA, CISM, CGEIT e CRISC. A ISACA desenvolveu a estrutura COBIT, que ajuda as empresas a administrar e controlar a suas informações e tecnologias.

Siga a ISACA no Twitter: https://twitter.com/ISACANews

O texto no idioma original deste anúncio é a versão oficial autorizada. As traduções são fornecidas apenas como uma facilidade e devem se referir ao texto no idioma original, que é a única versão do texto que tem efeito legal.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Code Halos - aka "digital fingerprints" - are the key organizing principle to understand a) how dumb things become smart and b) how to monetize this dynamic. In his session at @ThingsExpo, Robert Brown, AVP, Center for the Future of Work at Cognizant Technology Solutions, outlined research, analysis and recommendations from his recently published book on this phenomena on the way leading edge organizations like GE and Disney are unlocking the Internet of Things opportunity and what steps your organization should be taking to position itself for the next platform of digital competition.
In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect at GE, and Ibrahim Gokcen, who leads GE's advanced IoT analytics, focused on the Internet of Things / Industrial Internet and how to make it operational for business end-users. Learn about the challenges posed by machine and sensor data and how to marry it with enterprise data. They also discussed the tips and tricks to provide the Industrial Internet as an end-user consumable service using Big Data Analytics and Industrial Cloud.
SYS-CON Media announced that Splunk, a provider of the leading software platform for real-time Operational Intelligence, has launched an ad campaign on Big Data Journal. Splunk software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. The ads focus on delivering ROI - how improved uptime delivered $6M in annual ROI, improving customer operations by mining large volumes of unstructured data, and how data tracking delivers uptime when it matters most.
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, addressed the big issues involving these technologies and, more important, the results they will achieve. Rodney Rogers, chairman and CEO of Virtustream; Brendan O'Brien, co-founder of Aria Systems, Bart Copeland, president and CEO of ActiveState Software; Jim Cowie, chief scientist at Dyn; Dave Wagstaff, VP and chief architect at BSQUARE Corporation; Seth Proctor, CTO of NuoDB, Inc.; and Andris Gailitis, C...
SYS-CON Media announced that Cisco, a worldwide leader in IT that helps companies seize the opportunities of tomorrow, has launched a new ad campaign in Cloud Computing Journal. The ad campaign, a webcast titled 'Is Your Data Center Ready for the Application Economy?', focuses on the latest data center networking technologies, including SDN or ACI, and how customers are using SDN and ACI in their organizations to achieve business agility. The Cisco webcast is available on-demand.
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile devices as well as laptops and desktops using a visual drag-and-drop application – and eForms-buildi...
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
IoT is still a vague buzzword for many people. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. He also discussed how IoT is perceived by investors and how venture capitalist access this space. Other topics discussed were barriers to success, what is new, what is old, and what the future may hold. Mike Kavis is Vice President & Principal Cloud Architect at Cloud Technology Pa...
The Internet of Things (IoT) is rapidly in the process of breaking from its heretofore relatively obscure enterprise applications (such as plant floor control and supply chain management) and going mainstream into the consumer space. More and more creative folks are interconnecting everyday products such as household items, mobile devices, appliances and cars, and unleashing new and imaginative scenarios. We are seeing a lot of excitement around applications in home automation, personal fitness, and in-car entertainment and this excitement will bleed into other areas. On the commercial side, m...
SYS-CON Events announced today that CodeFutures, a leading supplier of database performance tools, has been named a “Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. CodeFutures is an independent software vendor focused on providing tools that deliver database performance tools that increase productivity during database development and increase database performance and scalability during production.
Dale Kim is the Director of Industry Solutions at MapR. His background includes a variety of technical and management roles at information technology companies. While his experience includes work with relational databases, much of his career pertains to non-relational data in the areas of search, content management, and NoSQL, and includes senior roles in technical marketing, sales engineering, and support engineering. Dale holds an MBA from Santa Clara University, and a BA in Computer Science from the University of California, Berkeley.
The Internet of Things (IoT) promises to evolve the way the world does business; however, understanding how to apply it to your company can be a mystery. Most people struggle with understanding the potential business uses or tend to get caught up in the technology, resulting in solutions that fail to meet even minimum business goals. In his session at @ThingsExpo, Jesse Shiah, CEO / President / Co-Founder of AgilePoint Inc., showed what is needed to leverage the IoT to transform your business. He discussed opportunities and challenges ahead for the IoT from a market and technical point of vie...
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Performance is the intersection of power, agility, control, and choice. If you value performance, and more specifically consistent performance, you need to look beyond simple virtualized compute. Many factors need to be considered to create a truly performant environment. In his General Session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, discussed how to take advantage of a multitude of compute options and platform features to make cloud the cornerstone of your online presence.
In this Women in Technology Power Panel at 15th Cloud Expo, moderated by Anne Plese, Senior Consultant, Cloud Product Marketing at Verizon Enterprise, Esmeralda Swartz, CMO at MetraTech; Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems; Seema Jethani, Director of Product Management at Basho Technologies; Victoria Livschitz, CEO of Qubell Inc.; Anne Hungate, Senior Director of Software Quality at DIRECTV, discussed what path they took to find their spot within the technology industry and how do they see opportunities for other women in their area of expertise.
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
"BSQUARE is in the business of selling software solutions for smart connected devices. It's obvious that IoT has moved from being a technology to being a fundamental part of business, and in the last 18 months people have said let's figure out how to do it and let's put some focus on it, " explained Dave Wagstaff, VP & Chief Architect, at BSQUARE Corporation, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Advanced Persistent Threats (APTs) are increasing at an unprecedented rate. The threat landscape of today is drastically different than just a few years ago. Attacks are much more organized and sophisticated. They are harder to detect and even harder to anticipate. In the foreseeable future it's going to get a whole lot harder. Everything you know today will change. Keeping up with this changing landscape is already a daunting task. Your organization needs to use the latest tools, methods and expertise to guard against those threats. But will that be enough? In the foreseeable future attacks w...