Hackers can target businesses within a matter of hours, it has been revealed in a new report.
According to Nuix’s Black Report, for which the company surveyed professional hackers, penetration testers, and incident responders, it takes just 15 hours for most attackers to breach target systems, identify critical data and exfiltrate it.
This is compared to the 200 to 300 hours it generally takes for an organisation to discover it has been breached.
According to the report, social engineering techniques such as phishing are a major part of hackers’ methods, with 88 per cent saying they rely on them to obtain information about a target before attacking.
Some 80 per cent of those surveyed reported that they use tools that are free and easily available online, while 70 per cent make use of “antiforensic tools or techniques to cover their tracks”.
In a worrying revelation for businesses, Nuix found that 93 per cent of the hackers it surveyed reported that their targets do not detect their attacks more than half the time. In addition, 100 per cent of hackers agreed that once an attacker has breached a business’ perimeter, the most sensitive data is “gone forever”.
Furthermore, seven out of ten respondents believe security professionals do not know what they’re looking for when trying to detect attacks. Meanwhile, nine out of ten said organisations do not address all the vulnerabilities they come across when conducting penetration tests.
Some 82 per cent of hackers believe using multiple security tools presents a risk to companies.
Highlighting the discrepancy between what hackers say they can achieve and the response of businesses, Harlan Carvey, director of intelligence integration at Nuix, said: “Perhaps the key takeaway from the Nuix Black Report is that your perception and understanding of the threat landscape may be in stark contrast to reality.”
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.