88% of hackers can breach a system in 12 hours

Around 88% of hackers and penetration testers say they can compromise a target’s systems in under 12 hours, and 69% report that enterprise security teams almost never catch them in the act.

A report from Australian technology company Nuix, based on interviews with hackers and penetration testers at last year’s Black Hat and DEFCON 24 conferences, also found that half of hackers change their attack methods with every target.

The interviews, conducted by Nuix CISO and US Secret Service Electronic Crimes Task Force member Chris Pogue, uncovered a gap between hackers’ abilities to infiltrate a target and security teams’ abilities to detect and respond to attacks.

More than four in five (81%) respondents say they can identify and steal valuable data within 12 hours of gaining access. Yet data breaches can take an average of 250–300 days to detect, if they’re detected at all — around a third of attackers said their targets never detected their activities.

Hackers reported that traditional countermeasures such as firewalls and antivirus almost never slowed them down. By contrast, endpoint security technologies were seen as more effective at stopping attacks.

Pogue said the results of the research demonstrate that “organisations need to get much better at detecting and remediating breaches using a combination of people and technology”.

Separate research from Intel Security and the Centre for Strategic and International Studies (CSIS) likewise highlights the disparity between the cultures of attackers and the companies forced to defend themselves against them — differences that gives attackers an inherent advantage.

The report notes that black hat hackers have a financial incentive to foster a culture of rapid collaboration, innovation and specialisation, and this has created an efficient, fluid and dynamic marketplace for black hat talent.

But organisations often lack the same incentive structure, and efforts to innovate are often held back by bureaucracy, rigid hierarchies and top-down decision-making.

As a symptom of this, 56% of Australian cybersecurity professionals say that their role lacks incentives, while 60% believe that their organisation is more concerned about its reputation than staying secure.

“Cybercriminals have a clear financial incentive for their work and are rewarded for innovation and the sharing of information and workings,” Intel Security APAC Vice President Daryush Ashjari said.

“The price of cybercrime is reason enough to learn from the way cybercriminals work and introduce direct incentives for employees as well as increased transparency within businesses. In turn, this will help to increase responsiveness to cyber attacks and ensure that businesses are as nimble and agile as the criminals they seek to apprehend.”

The report also found that while 92% of Australian organisations have a cybersecurity strategy, only 42% have fully implemented these strategies. Executives are more likely to believe that their strategy is fully implemented, but only two in five frontline staff at Australian organisations agree.

This disparity is likely down to the fact that the senior executives designing cybersecurity strategies measure success differently than the staff in charge of putting those strategies into practice, it states.

Image courtesy of CHRISTOPHER DOMBRES under CC

Follow us on Twitter and Facebook