By Lisa Lupo
Professional hackers can hack your system in less than 12 hours, but detecting a data breach takes an average of 250 to 300 days — if it is detected at all, according to The Black Report from the data security company Nuix. For the report, Nuix conducted a confidential survey of 70 professional hackers and penetration testers (pentesters) at DEFCON, the world’s largest hacking and security conference.
Here’s what they said:
81% can identify and exfiltrate data in less than 12 hours.
88% can compromise a target in less than 12 hours.
50% change their attack methodologies with every target.
84% use social engineering as part of their attack strategy.
69% have almost never been caught in the act by security teams.
33% have never had their activities detected by their target organizations.
76% spend 1-10 hours per week researching security news and technology.
76% believe technical certifications are not a good indication of technical ability.
100% agree that once someone has accessed your data, it’s gone — like gone gone.
Among the most effective countermeasures are:
36% endpoint security
29% intrusion detection and prevention systems
10% firewalls
2% antivirus
Activities noted as extremely important in prevention are:
52% employee education
37% vulnerability scanning
30% goal-oriented penetration testing
16% employee incentives
15% bug-bounty programs
Among the least effective:
42% data hygiene and information governance
22% everything. This group said no security countermeasures can stop them; full compromise is only a matter of time.
REMEDIATION. Interestingly, even after a penetration test reveals vulnerabilities, organizations usually conduct only limited remediation, generally focused on critical and high-severity vulnerabilities. This exasperates pentesters: 64% state that their biggest frustration is that organizations don’t fix the things they know are broken.
“The Nuix Black Report illuminates the true nexus between attacker methodology and defensive posture; showing which countermeasures will improve security and which are a waste of money and resources,” said Chris Pogue, Nuix’s Chief Information Security Officer and co-author of the report.
“Readers will learn what is the best spend for their security dollar and, more critically, why,” he added.
Source: Nuix.