Most Hackers Can Steal Data Within 24 Hours

February 28, 2017

More than three-quarters (88%) of hackers can break through cybersecurity defenses and into the systems they target within 12 hours, while 81% say they can identify and take valuable data within another 12 hours, even though the breach may not be discovered for hundreds of days, according to research by global technology company Nuix.

The Nuix Black Report—the results of a confidential survey of 70 professional hackers and penetration testers at DEFCON, the world's largest hacking and security conference—will overturn many conventional understandings and sacred cows of the cybersecurity industry.

"There is no shortage of cybersecurity industry reports so we've avoided going down the familiar path of compiling data about incidents that have already taken place or highlighting trends and patterns in data breaches—these are clearly the symptoms of a deeper problem," said Chris Pogue, Nuix's Chief Information Security Officer and a co-author of the Nuix Black Report. "Instead, we have focused on the source of the threat landscape: the attackers themselves."

By examining the security landscape from the hacker's perspective, the Nuix Black Report has revealed results that are contrary to the conventional understanding of cybersecurity. For example:

Respondents said traditional countermeasures such as firewalls and antivirus almost never slowed them down but endpoint security technologies were more effective at stopping attacks
More than half of respondents changed their methodologies with every target, severely limiting the effectiveness of security defenses based on known files and attacks
Around one-third of attackers said their target organizations never detected their activities.

"Data breaches take an average of 250–300 days to detect—if they're detected at all—but most attackers tell us they can break in and steal the target data within 24 hours," said Pogue. "Organizations need to get much better at detecting and remediating breaches using a combination of people and technology."

https://www.nuix.com/white-papers/black-report

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Right now, in the pandemic environment, business leaders are balancing internal priorities – managing cost and impacts to productivity – with market and external priorities like government requirements, customer needs, and perceived standards of safety and health.

Security Magazine

2020 August

This month in Security magazine, we examine how physical security leaders are being propelled into a unique position of revenue preservers and risk managers for their businesses. In addition, we profile Scott Ashworth, Director of Security for Atlanta United. Also, security leaders discuss how to develop cybersecurity careers, election security, data protection strategies, measuring and reporting security operations maturity and more!

View More Create Account

Most Hackers Can Steal Data Within 24 Hours

Related Articles

Related Products

Related Events

Report Abusive Comment