Just like cyber security professionals are constantly looking for ways to develop better and more secure software programs, hackers are always staying on top of the newest updates to overcome the latest defenses. To understand the importance of cyber security and how to stay ahead of hackers, it can be helpful to look at things from the opposite point of view—a hacker trying to get into your business’s system.
A recent Nuix Black Report surveyed 70 of the world’s best professional hackers and found that 88 percent of hackers can break into their desired system and get through cyber security defenses in 12 hours or less. It only takes an additional 12 hours for 81 percent of hackers to find and take valuable data.
Instead of looking at hacking incidents that have already occurred or for patterns in business security breaches, the new report looks at the deeper root cause of the problem: the hackers themselves. When cyber security professionals can better understand the mysterious nature of hackers and how they work, they may be able to better protect their own systems.
Traditional defenses against hacking, such as firewalls and antivirus software, almost never slow hackers down, according to the survey. This goes against what the cyber security industry has been thinking for years and could cause companies to reconsider their basic cyber security measures. Instead, hackers say the most effective measures for stopping their attacks are endpoint security technologies.
However, half of the hackers surveyed said they change their approach to hacking with every attack, meaning there often isn’t a pattern to their hacking. If they got in through the firewall at one business, they may try getting in by identifying weak passwords in another attack.
Other studies have found that the most common way hackers get into a system is by breaking into a network and becoming active, meaning they can continue to steal information and monitor data for months.
Perhaps the scariest part of the results is that the hack and missing data might not be discovered for weeks or months after the fact, meaning that hackers could be long gone with the information before a business even realizes its systems have been infiltrated. In fact, one-third of attackers say the targeted organizations never even realized they had been hacked.
“Data breaches take an average of 250-300 days to detect—if they’re detected at all—but most attackers tell us they can break in and steal the target data within 24 hours,” said Chris Pogue, Nuix’s chief information security officer and a co-author of the Nuix Black Report. “Organizations need to get much better at detecting and remediating breaches using a combination of people and technology.”
