Some CIOs, IT managers unable to track advanced evasion techniques: survey

Some CIOs, IT managers unable to track advanced evasion techniques: survey

Fifteen per cent out of 100 Australian CIOs and IT managers surveyed said their company had experienced a breach in the past year

There are 800 million known advanced evasion techniques (AETs) but some CIOs and security managers don’t have the methods to track AETs within their company, according to the results of a new study.

AETs are methods of disguise used to penetrate target networks and deliver malicious payloads. Using AETs, a cyber-criminal can split apart exploit code into pieces, bypass a firewall and once inside the network, reassemble the code to unleash malware.

A Vanson Bourne survey called The Security Industry’s Dirty Little Secret, which was commissioned by McAfee, surveyed 50 CIOs and 50 IT/security managers from Australia during January 2014.

The survey also spoke to CIOs and security managers in the United States, United Kingdom, Germany, France, Brazil and South Africa. A total of 800 respondents took part in the survey.

According to the survey, only 41 per cent of Australian respondents could identify the correct definition for an AET. This was lower than the global average of 44 per cent.

Fifteen per cent of Australian respondents said their company had experienced a breach in the past year. This was below the global average of 22 per cent.

Twenty-seven per cent of Australian respondents said they were worried about criminal organisations trying to steal customer or financial information, while 26 per cent said hacktivists intent on disrupting their business would want to attack their network.

In addition, 21 per cent of Australian CIOs and security managers surveyed said they were concerned about corporate espionage from a competitor trying to steal intellectual property or processes, while 18 per cent were worried about members of a nation state trying to steal company secrets.

McAfee Asia Pacific CTO Sean Duca said finding AETs requires traffic analysis and deep packet inspection.

“This inspection requires a great deal of processing power, which can negatively impact throughput performance of some network security solutions. This means vendors would need to change the entire architecture of their offerings,” he said in a statement.

“Australian businesses should expect more from their security provider, and demand more from the technology they already have. If their security offerings are not able to detect all types of attacks which disguise themselves and attempt to penetrate the network, their data is at risk.”

Over half of global respondents indicated that AETs pose an immediate and serious threat to their company and 69 per cent say AETs can already exploit known vulnerabilities. This figure was lower in Australia (59 per cent).

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackingmcafeeadvanced evasion techniques

More about FacebookMcAfee Australia

Show Comments