Cyber-attacks, malware, viruses, ransomware. To the layperson, these may all mean the same thing: an attack on the network. Advanced persistent threats, or APTs, are just that, but they occur over a longer period of time, require a high degree of covertness, use sophisticated techniques to exploit vulnerabilities in systems and attempt to steal an organization’s intellectual property. These attacks can be very harmful, as they typically target organizations in sectors and industries with high-value information, such as national defense, critical infrastructure and financial services.

The Need for More Insight – and Greater Preparedness

In 2012, ISACA launched a series of surveys on security professionals’ understanding and opinions of APTs, technical controls, internal incidents, policy adherence and management support.

  • The 2015 study revealed positive trends since the 2014 survey. One specific area of interest was increased executive involvement in security initiatives.
  • Respondents noted that security budgets have increased, and a majority reported increased visible support from senior executives.



Cross-Enterprise Collaboration is Critical – as is Executive Championship

As we tell our clients, the best approach to creating a security risk management plan is to involve various departments – security, corporate risk and HR – and it’s critical to have buy-in from executives.

The fact that more senior executives are becoming involved is encouraging, especially at a time when cyber security incidents occur on an almost daily basis and are more complex to address. As we’ve seen with our own clients, plans that have support from the executive team yield more positive results than those that don’t.

While the survey reveals positive trends in one area, other areas still need improvement.