As organisations try to counter the growing threat from Advanced Evasion Techniques, a study commissioned by security technology firm McAfee on Tuesday said that data breaches have cost firms over $1 million on an average in the last 12 months.
The study, Security industry's dirty little secret, which was conducted by technology market research firm Vanson Bourne examines the controversy and confusion surrounding AETs and the role they play in Advanced Persistent Threats.
AETs is a network attack that combines different known evasion methods to create a new technique that is delivered over several layers of the network simultaneously and provides the attacker with undetectable access to the network.
"On average, those who experienced a breach in the last 12 months reported a cost to their organisation of upwards of $1 million," the study said.
It added that some of the recent high profile data breaches have demonstrated that criminal activity can still evade detection for a long period.
The study covered 800
Chief Information Officers and security managers from the US, the UK, Germany, France, Australia, Brazil and South Africa.
It showed that misunderstandings, misinterpretation and ineffective safeguards in use by security experts charged with protecting sensitive data.
"Survey respondents acknowledged this and more than one in five security professionals admit their network was breached (22 per cent). Nearly 40 per cent of those breached believe that AETs played a key role," the study said.
About 40 per cent of the IT decision-makers covered said they do not believe having methods to detect and track AETs within their organisation, it added. Almost two-thirds of respondents said the biggest challenge, when trying to implement technology against AETs, is convincing the board that they are a real and serious threat, it said.
Of the estimated 800 million known AETs, less than one per cent is detected by other vendor's firewalls.
The prevalence of these techniques has risen significantly since 2010 with millions of combinations and modifications of network-based AETs having been identified to date, McAfee said.