Related Stories

  • The real world consequences of an APT hack
    Security researcher Brian Krebs has detailed an interesting analysis of how an APT attack ended up with Chinese hackers effectively running amok on a hedge fund's IT resource – and how the company dealt with the problem.
  • Comment: It’s Time to Take APTs Seriously
    Ross Brewer of LogRhythm explores the danger posed by advanced persistent threats, the rash of high-profile data breaches that have been making headlines this year, and the steps organizations should be taking to protect IT assets
  • Trend Micro threat researchers track major international targeted APT attack
    A pair of threat researchers are reporting the arrival of a major targeted attack campaign against servers in 61 countries, with victims ranging diplomatic missions, government ministries, space-related government agencies and other companies and research institutions.
  • Dell SecureWorks says 60 families of APT malware traced back to China
    After researching the growing problem of APTs (Advanced Persistent Threats) – a security issue first discovered by StoneSoft late last year - Dell SecureWorks claims to have revealed around 60 different types of families of custom malware that use APTs as their infection vehicle.
  • Taking the initiative: Proactive defense offers APT protection
    The recent rash of advanced persistent threat (APT) attacks has prompted many organizations to rethink their information security approach based on blocking hackers to a proactive one of identifying and stopping hackers before they penetrate the network.

Top 5 Stories


More than a third of US companies are not prepared to fend off APTs

02 November 2011

More than one-third of US companies are poorly prepared for advanced persistent threats (APT), according to a report by the Enterprise Strategy Group (ESG).

In addition, 43% of companies are somewhat prepared for APTs, and only 21% are well prepared, according to a survey of 244 IT security professionals conducted by ESG.

Jon Oltsik, senior principal analyst with ESG, said that when his team began the research for the report, there was a debate about whether APTs were a real and unique form of attack or “nothing more than a marketing term to add an alarming label to pedestrian types of attacks.”

The security professionals surveyed were asked whether APTs were in fact a real and unique threat. Half of the respondents believed that APTs are a unique type of threat, while 48% believed that they are “somewhat unique” but share similarities with past attacks; only 2% said APTs are not unique.

Of the companies that were well prepared for APTs, a vast majority of respondents (85%) said that APTs are a unique type of threat, according to the ESG study.

“This is consistent with several conversations I’ve had with CISOs [chief information security officers]: most said that they didn’t think that APTs were anything new until they were attacked. As they watched APT attacks unfold, they were blown away by how they adapted, moved around the network, rooted themselves in systems, and used sophisticated (and often homegrown) innovation to fool security tools and remain stealthy”, commented Oltsik.

This article is featured in:
Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×