More than eight in 10 hackers can break through cyber security defences, access IT systems they target and steal data within 12 hours, a study has revealed.
However, the breach may not be discovered for hundreds of days, according to the study by global technology company Nuix .
The Nuix Black Report is based on a survey of 70 professional hackers and penetration testers at Defcon , the world’s largest hacking and security conference.
“There is no shortage of cyber security industry reports, so we’ve avoided going down the familiar path of compiling data about incidents that have already taken place or highlighting trends and patterns in data breaches these are clearly the symptoms of a deeper problem,” said Chris Pogue , chief information security officer (CISO) at Nuix and co-author of the report. “Instead, we have focused on the source of the threat landscape: the attackers themselves.”
By examining the security landscape from the hacker’s perspective, he said the Nuix Black Report has revealed results that are contrary to the conventional understanding of cyber security.
For example:
Respondents said traditional countermeasures such as firewalls and antivirus almost never slowed them down, but endpoint security technologies were more effective at stopping attacks. More than half of respondents changed their methodologies with every target, severely limiting the effectiveness of security defences based on known files and attacks. Around one-third of attackers said their target organisations never detected their activities.“Organisations need to get much better at detecting and remediating breaches using a combination of people and technology,” said Pogue, especially if they are reduce the exposure from the time of breach to the time of detection.
For this reason, Nuix has developed endpoint security technology that is designed to detect both known and unknown attack methods.
Nuix Insight Adaptive Security is a next-generation endpoint technology with cutting-edge detection algorithms that can identify and stop security threats including new and unknown attack methodologies in seconds.
According to industry analyst firm Enterprise Management Associates , Nuix Insight Adaptive Security “has applied practical field knowledge to the product’s development, leveraging a design team that includes malware analysts, penetration testers, incident response experts, social engineers and digital forensic professionals”.
Pogue said the research illuminates the “true nexus between attacker methodology and defensive posture; showing which countermeasures will improve security and which are a waste of money and resources”.