Government bodies reveal surging APT-style attacks

Study reveals many show no cause for concern

Category:

Marlow, UK - 28th January 2013 – New research commissioned by Trend Micro in conjunction with Quocirca, shows that over 73% of public sector bodies said they had knowingly been victims of a targeted attack in the past with 38% saying these attacks had caused a significant impact on their organisation.

Trend Micro commissioned a survey of 300 organisations in a range of sectors and sizes in the UK, Germany and France to gain insight into a pernicious threat, which has now become a mainstream mode of attack for both cybercriminals and hacktivists.

Yet despite these experiences, over a third (35%) thought targeted attacks were not a cause for concern going forward. Given the increasingly large fines levied by the UK’s Information Commissioner’s Office for data breaches, and the negative publicity that comes as a result, failing to adequately prepare for such threats would appear to be a dangerous oversight.

“Governments are consistently among the top sectors targeted by advanced persistent threats and international espionage”, said Rik Ferguson, VP of security research at Trend Micro. “To discover that those victims and potential victims see it as "no cause for concern" betrays a worrying lack of comprehension of the nature and breadth of attack technologies arrayed against them and little regard for their persistence or sophistication. Effective security begins with the acceptance that breach will happen but must be designed to collect immediate actionable intelligence to allow threats to be identified an contained within the smallest possible timeframe.” 

The research further shows that 45% of public sector respondents even admitted that their concerns over fines as a result of attack were increasing and 62% said reputational damage worried them.
Of equal concern is that public sector respondents were the least likely (15%) to deploy technology to prevent targeted attacks. Over 41% of them said that less than one tenth of the security budget would be spent on such tools going forward. 

Typically, targeted attacks come in the form of threats which traditional security defences can’t detect or stop. This is perhaps borne out by the fact that 68% of public sector respondents – more than any other – said they had found malware on their systems which current defences hadn’t spotted. 

Those public sector bodies interviewed on behalf of Trend Micro and Quocirca were among the most exposed of any sector to such sophisticated threats. 79% said they were regularly or occasionally hit by zero day malware over the past 12 months, 73% had been exposed to polymorphic malware, 79% by encrypted malware and 82% to social engineering attacks.
While not always an indication of a targeted attack, these threats do illustrate an increasingly sophisticated and persistent foe. 

*The research was commission via Quocirca Ltd, a UK based analyst house. The full results will be published in February 2013

 


About Trend Micro
Trend Micro Incorporated (TYO: 4704), a global leader in security software, strives to make the world safe for exchanging digital information. Our solutions for consumers, Trend Micro™ Smart Protection Network™ provide layered content security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. Leveraging these solutions, organizations can protect their end users, their evolving data center and cloud resources, and their information threatened by sophisticated targeted attacks.

All of solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™, and are supported by over 1,200 threat experts around the globe.

For more information, visit www.trendmicro.com/en_gb/. Or follow our news on Twitter at @TrendMicroUK.