Over a four-week period earlier this year, KPMG studied a number of organisations in Sweden to gather information relating to malicious traffic. During this time period, 15,586 security alerts were recorded.
The study spanned 14 organisations covering different verticals, sectors and sizes.
Astonishingly, 93% of those organisations that took part were ‘breached’ in the given time frame. The word ‘breached’ in this report has been defined by the existence of call-back traffic, where malware had been planted on the host level to call a remote server and wait for a response.
Advanced persistent threats, or APTs as they’re more commonly known, are a dangerous type of attack directed against specifically targeted victims. The APT process can be split into five distinct stages:
- Initial intrusion
- Installation of malware
- Call home
- Spread locally
The types of people behind APTs are often “well organised and financed actors with long term objectives” to acquire sensitive information.
In order to protect assets and infrastructure, organisations throughout Europe often seek ISO27001 certification, using the international Standard to centralise and simplify disjointed compliance efforts. It covers not only the technology aspects of a business, but also people and processes involved with information security.
ISO27001 presents a comprehensive and international approach to implementing and maintaining an information security management system (ISMS), and companies will often achieve compliance with related legal and regulatory requirements simply by achieving ISO27001 certification.
For a straightforward approach to ISO27001 certification, view our simplified solutions.
View the PDF version of KPMG’s report into the unknown threats in Sweden.