Welcome!

Agile Computing Authors: Liz McMillan, Harry Trott, Ken Schwaber, Aruna Ravichandran, Elizabeth White

News Feed Item

Pesquisa de segurança cibernética da ISACA revela que uma em cada cinco empresas já experimentou um ataque de APT

Pesquisa global sobre segurança cibernética com mais de 1.500 profissionais de segurança fevelou que um em cada cinco profissionais disse que sua empresa já tinha experimentado um ataque de ameaça persistente avançada (APT). De acordo com o estudo realizado pela associação global de TI da ISACA, 94% dizem que APTs representam uma ameaça real para a segurança nacional e a estabilidade econômica, mas a maioria das empresas está empregando tecnologias ineficazes para se protegerem.

Os APTs, uma tática de espionagem com objetivo de roubar propriedade intelectual, foram motivo de manchetes na imprensa nos últimos anos por violação das maiores redes empresariais e governamentais de todo o mundo. Mais de 60% dos entrevistados dizem que é apenas uma questão de tempo até que sua empresa se torne alvo.

Conscientização da ISACA sobre ameaça avançada persistente: Os resultados do estudo mostram que 96% dos entrevistados dizem que estão de alguma forma familiarizados com os APTs. Embora isto seja positivo, 53% dizem que não acreditam que os APTs sejam diferentes das ameaças tradicionais—indicando que muitos não as entendem completamente.

"Os APTs são sofisticados, furtivos e implacáveis", disse Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, vice-presidente internacional da ISACA e chefe de segurança da informação do GRUPO INTRALOT. "As ameaças cibernéticas tradicionais muitas vezes movem-se para o próximo alvo quando não conseguem infiltrar-se no seu alvo inicial, mas um APT continuará tentando infiltrar-se no alvo desejado até que ele cumpra o seu objetivo—e quando isso acontece, ele pode se disfarçar e se transformar, quando necessário, o que o torna difícil de identificar ou parar."

Mais de 60% dos entrevistados dizem que estão prontos para responder a ataques APT. No entanto, antivírus e antimalware (95%) e tecnologias de perímetro de rede, como os firewalls (93%) estão no topo da lista de controles que suas empresas usam para parar APTs—uma declaração preocupante, levando em conta que APTs são conhecidos por evitar serem capturados por esses tipos de controles. O estudo mostra que os controles de segurança de dispositivos móveis, que são mais eficazes, são usados ​​com muito menos frequência.

"Os APTs precisam de muitas abordagens defensivas, do treinamento de conscientização que altera contratos de terceiros para garantir que os fornecedores estejam bem protegidos, até a implementação de controles técnicos", disse Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, diretor da ISACA e diretor de segurança da informação e garantia de TI da BRM Holdich.

O estudo também constatou que:

  • 90% dos entrevistados acreditam que o uso de sites de redes sociais aumenta a probabilidade de sucesso de um APT.
  • 87% acreditam que "traga seu próprio dispositivo" (BYOD), combinado com acesso superusuário [rooting] ou desbloqueio iOS [jailbreak] do aparelho, faz um ataque bem sucedido de APT ser mais provável.
  • Mais de 80% dizem que suas empresas não atualizaram seus contratos de fornecedores para se protegerem contra APTs.

"Estamos apenas em fevereiro e já podemos declarar 2013 como o ano do hack", disse Tom Kellermann, CISM, conselheiro de confiança do governo dos EUA e vice-presidente de segurança cibernética da Trend Micro. "A pesquisa da ISACA revela que as empresas estão sob ataque e nem mesmo sabem disso. É necessário trazer essa consciência ao currículo de instrução dos profissionais de segurança para que possam construir a defesa customizada que precisam para combater esses ataques direcionados ".

O estudo da ISACA, patrocinado pela Trend Micro, está disponível para download gratuito em www.isaca.org/cybersecurity.

Sobre a ISACA

Com 100.000 membros em todo o mundo, a ISACA(www.isaca.org) ajuda as empresas a manter a confiança e o valor de suas informações e sistemas. Fundada em 1969, a ISACA avança e atesta as habilidades de TI e o conhecimento através das certificações CISA, CISM, CGEIT e CRISC. A ISACA desenvolveu a estrutura COBIT, que ajuda as empresas a administrar e controlar a suas informações e tecnologias.

Siga a ISACA no Twitter: https://twitter.com/ISACANews

O texto no idioma original deste anúncio é a versão oficial autorizada. As traduções são fornecidas apenas como uma facilidade e devem se referir ao texto no idioma original, que é a única versão do texto que tem efeito legal.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
SYS-CON Events announced today that Catchpoint, a leading digital experience intelligence company, has been named “Silver Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Catchpoint Systems is a leading Digital Performance Analytics company that provides unparalleled insight into your customer-critical services to help you consistently deliver an amazing customer experience. Designed for digital business, C...
@ThingsExpo has been named the ‘Top WebRTC Influencer' by iTrend. iTrend processes millions of conversations, tweets, interactions, news articles, press releases, blog posts - and extract meaning form them and analyzes mobile and desktop software platforms used to communicate, various metadata (such as geo location), and automation tools. In overall placement, @ThingsExpo ranked as the number one ‘WebRTC Influencer' followed by @DevOpsSummit at 55th.
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
In the next five to ten years, millions, if not billions of things will become smarter. This smartness goes beyond connected things in our homes like the fridge, thermostat and fancy lighting, and into heavily regulated industries including aerospace, pharmaceutical/medical devices and energy. “Smartness” will embed itself within individual products that are part of our daily lives. We will engage with smart products - learning from them, informing them, and communicating with them. Smart produc...
"What is the next step in the evolution of IoT systems? The answer is data, information, which is a radical shift from assets, from things to input for decision making," stated Michael Minkevich, VP of Technology Services at Luxoft, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
The emerging Internet of Everything creates tremendous new opportunities for customer engagement and business model innovation. However, enterprises must overcome a number of critical challenges to bring these new solutions to market. In his session at @ThingsExpo, Michael Martin, CTO/CIO at nfrastructure, outlined these key challenges and recommended approaches for overcoming them to achieve speed and agility in the design, development and implementation of Internet of Everything solutions with...
WebRTC sits at the intersection between VoIP and the Web. As such, it poses some interesting challenges for those developing services on top of it, but also for those who need to test and monitor these services. In his session at WebRTC Summit, Tsahi Levent-Levi, co-founder of testRTC, reviewed the various challenges posed by WebRTC when it comes to testing and monitoring and on ways to overcome them.
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes. In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, discussed the best practices that will ensure a successful smart city journey.
Every successful software product evolves from an idea to an enterprise system. Notably, the same way is passed by the product owner's company. In his session at 20th Cloud Expo, Oleg Lola, CEO of MobiDev, will provide a generalized overview of the evolution of a software product, the product owner, the needs that arise at various stages of this process, and the value brought by a software development partner to the product owner as a response to these needs.
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, John Jelinek IV, a web developer at Linux Academy, will discuss why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
"Tintri was started in 2008 with the express purpose of building a storage appliance that is ideal for virtualized environments. We support a lot of different hypervisor platforms from VMware to OpenStack to Hyper-V," explained Dan Florea, Director of Product Management at Tintri, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
Big Data, cloud, analytics, contextual information, wearable tech, sensors, mobility, and WebRTC: together, these advances have created a perfect storm of technologies that are disrupting and transforming classic communications models and ecosystems. In his session at @ThingsExpo, Erik Perotti, Senior Manager of New Ventures on Plantronics’ Innovation team, provided an overview of this technological shift, including associated business and consumer communications impacts, and opportunities it m...