Do you think you are safe from a cyber attack?
Are you sitting back and thinking that your organization is safe from hacker intrusion? Unfortunately, the hackers are probably one step ahead of you all the way, constantly changing tactics and seldom using the same pathway in a second target enterprise.
Research by global technology company Nuix shows that 88% of hackers can break through cybersecurity defenses and into the systems they are targeting within 12 hours. More than 80% say they can identify and steal valuable information within a further 12 hours, but the chances are that the breach will not be discovered for hundreds of days.
Contradicting cyber security beliefs
The Nuix Black Report—the results of a confidential survey of 70 professional hackers and penetration testers at DEFCON, the world’s largest hacking and security conference, overturns many conventional beliefs and commonly held truths of the cybersecurity industry.
“There is no shortage of cybersecurity industry reports so we’ve avoided going down the familiar path of compiling data about incidents that have already taken place or highlighting trends and patterns in data breaches—these are clearly the symptoms of a deeper problem,” said Chris Pogue, Nuix’s Chief Information Security Officer and a co-author of the Nuix Black Report. “Instead, we have focused on the source of the threat landscape: the attackers themselves.”
Looking from the hacker’s point of view
Examining the security landscape from the hacker’s point of view, the Nuix Black Report has revealed results that fly in the face of the conventional understanding of cybersecurity. For example:
- Respondents said traditional countermeasures such as firewalls and antivirus almost never slowed them down but endpoint security technologies were more effective at stopping attacks
- More than half of all respondents changed their methodologies with every target, severely limiting the effectiveness of security defenses based on known files and attacks
- Around one-third of attackers said their target organizations never detected their activities.
How can you improve security in your organization?
“Data breaches will take an average of 250–300 days to detect—if they are ever detected at all—but most attackers say that they can break in and steal target data within the first 24 hours,” said Pogue. “Organizations need to get much better at detecting and remediating breaches using a combination of people and technology.”
“The Nuix Black Report illuminates the true nexus between attacker methodology and defensive posture. The report shows which countermeasures will improve security and which are a waste of money and resources,” said Pogue. “Readers will learn what is the best spend for their security dollar and, more critically, why.”