In addition, 43% of companies are somewhat prepared for APTs, and only 21% are well prepared, according to a survey of 244 IT security professionals conducted by ESG.
Jon Oltsik, senior principal analyst with ESG, said that when his team began the research for the report, there was a debate about whether APTs were a real and unique form of attack or “nothing more than a marketing term to add an alarming label to pedestrian types of attacks.”
The security professionals surveyed were asked whether APTs were in fact a real and unique threat. Half of the respondents believed that APTs are a unique type of threat, while 48% believed that they are “somewhat unique” but share similarities with past attacks; only 2% said APTs are not unique.
Of the companies that were well prepared for APTs, a vast majority of respondents (85%) said that APTs are a unique type of threat, according to the ESG study.
“This is consistent with several conversations I’ve had with CISOs [chief information security officers]: most said that they didn’t think that APTs were anything new until they were attacked. As they watched APT attacks unfold, they were blown away by how they adapted, moved around the network, rooted themselves in systems, and used sophisticated (and often homegrown) innovation to fool security tools and remain stealthy”, commented Oltsik.