
By Lisa Lupo
Professional hackers can hack your system in less than 12 hours, but detecting a data breach takes an average of 250 to 300 days — if it is detected at all, according to The Black Report from the data security company Nuix. For the report, Nuix conducted a confidential survey of 70 professional hackers and penetration testers (pentesters) at DEFCON, the world’s largest hacking and security conference.
Here’s what they said:
81% can identify and exfiltrate data in less than 12 hours.
88% can compromise a target in less than 12 hours.
50% change their attack methodologies with every target.
84% use social engineering as part of their attack strategy.
69% have almost never been caught in the act by security teams.
33% have never had their activities detected by their target organizations.
76% spend 1-10 hours per week researching security news and technology.
76% believe technical certifications are not a good indication of technical ability.
100% agree that once someone has accessed your data, it’s gone — like gone gone.
Among the most effective countermeasures are:
36% endpoint security
29% intrusion detection and prevention systems
10% firewalls
2% antivirus
Activities noted as extremely important in prevention are:
52% employee education
37% vulnerability scanning
30% goal-oriented penetration testing
16% employee incentives
15% bug-bounty programs
Among the least effective:
42% data hygiene and information governance
22% everything. This group said no security countermeasures can stop them; full compromise is only a matter of time.
REMEDIATION. Interestingly, even after a penetration test reveals vulnerabilities, organizations usually conduct only limited remediation, generally focused on critical and high vulnerabilities. This exasperates pentesters: 64% state that their biggest frustration is that organizations don’t fix the things they know are broken.
“The Nuix Black Report illuminates the true nexus between attacker methodology and defensive posture; showing which countermeasures will improve security and which are a waste of money and resources,” said Chris Pogue, Nuix’s Chief Information Security Officer and co-author of the report.
“Readers will learn what is the best spend for their security dollar and, more critically, why,” he added.
Source: Nuix.
From the April 2017 issue of Quality Assurance & Food Safety.