IT Security

What hackers say

by Mark Rowe

Most (88pc) of hackers can break through cybersecurity defences and into the systems they target within 12 hours, while four in five, 81pc say they can identify and take valuable data within another 12 hours, even though the breach may not be discovered for hundreds of days. This is according to research by Nuix, the eDiscovery and cyber investigations software firm.

The Nuix Black Report airs the results of a confidential survey of 70 hackers and penetration testers at DEFCON, the US-based hacking and security conference, which next runs at Caesars Palace, Las Vegas from July 27 to 30.

Chris Pogue, Nuix’s Chief Information Security Officer and a co-author of the Nuix Black Report said: “There is no shortage of cybersecurity industry reports so we’ve avoided going down the familiar path of compiling data about incidents that have already taken place or highlighting trends and patterns in data breaches—these are clearly the symptoms of a deeper problem. Instead, we have focused on the source of the threat landscape: the attackers themselves.”

By examining the security landscape from the hacker’s perspective, the IT firm says that its results are contrary to the conventional understanding of cybersecurity. For example:

– Respondents said traditional countermeasures such as firewalls and antivirus almost never slowed them down but endpoint security technologies were more effective at stopping attacks;
– More than half of respondents changed their methodologies with every target, severely limiting the effectiveness of security defenses based on known files and attacks; and
– Around one-third of attackers said their target organisations never detected their activities.

Pogue added: “Data breaches take an average of 250 to 300 days to detect — if they’re detected at all — but most attackers tell us they can break in and steal the target data within 24 hours. Organisations need to get much better at detecting and remediating breaches using a combination of people and technology.”

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing