Hackers can target organisations ‘within hours’

Hackers can target organisations ‘within hours’ [Image: xijian via iStock]

Hackers can target businesses within a matter of hours, it has been revealed in a new report.

According to Nuix’s Black Report, for which the company surveyed professional hackers, penetration testers, and incident responders, it takes just 15 hours for most attackers to breach target systems, identify critical data and exfiltrate it.

This is compared to the 200 to 300 hours it generally takes for an organisation to discover it has been breached.

According to the report, social engineering techniques such as phishing are a major part of hackers’ methods, with 88 per cent saying they rely on them to obtain information about a target before attacking.

Some 80 per cent of those surveyed reported that they use tools that are free and easily available online, while 70 per cent make use of “antiforensic tools or techniques to cover their tracks”.

In a worrying revelation for businesses, Nuix found that 93 per cent of the hackers it surveyed reported that their targets do not detect their attacks more than half the time. In addition, 100 per cent of hackers agreed that once an attacker has breached a business’ perimeter, the most sensitive data is “gone forever”.

Furthermore, seven out of ten respondents believe security professionals do not know what they’re looking for when trying to detect attacks. Meanwhile, nine out of ten said organisations do not address all the vulnerabilities they come across when conducting penetration tests.

Some 82 per cent of hackers believe using multiple security tools presents a risk to companies.

Highlighting the discrepancy between what hackers say they can achieve and the response of businesses, Harlan Carvey, director of intelligence integration at Nuix, said: “Perhaps the key takeaway from the Nuix Black Report is that your perception and understanding of the threat landscape may be in stark contrast to reality.”