Stealing Critical Data All in a Day’s Work for Hackers: Nuix Black Report

0

Unique survey of hackers and penetration testers reveals most organisations’ cybersecurity postures are much more vulnerable than their leaders think

Nuix has released the second annual Black Report, a survey of professional hackers that provides a unique and much needed perspective on the security landscape. Among many challenging results, the Nuix Black Report 2018 found that most of the professional hackers surveyed said they could bypass security systems, locate critical data, and exfiltrate that data within 15 hours.

“The Black Report reveals a huge gap between perception and reality in cybersecurity—you might think you’re well protected but the people whose job it is to break in and steal your data think otherwise,” said Chris Pogue, lead author of the report and Nuix’s Head of Services, Security and Partner Integration.

“For example, most organisations invest heavily in perimeter defenses such as firewalls and antivirus, and these are mandatory in many compliance regimes, but most of the hackers we surveyed found these countermeasures trivially easy to bypass. If hackers can steal your data within a day but you only find out it happened months later, you’re well on the way to becoming the next big news story.”

The Nuix Black Report challenges the common media narrative that data breaches are hard to prevent because cyberattacks are becoming more sophisticated. Nearly a quarter of Black Report respondents (22%) said they used the same attack techniques for a year or more.

“Hackers can keep using the same attack techniques because they still work—if it ain’t broke, don’t fix it,” said Pogue. “Again and again in the media, data breach victims claim they suffered unprecedented and highly sophisticated cyberattacks but the reality turns out to be that someone didn’t do their job properly. In the recent Equifax case, it was simply an older system that hadn’t been patched.”

The Black Report also shatters another common perception of cybersecurity, that of the teenage hacker living in a basement. Three-quarters of respondents were college graduates and nearly one-third (32%) had postgraduate degrees. The majority (57%) worked for medium-sized, large, or enterprise businesses.

“When organisations develop their cybersecurity strategies, they may have IT, legal, risk, and human resources teams at the table but the one person they never invite is the bad guy,” said Pogue. “It’s no wonder that so many security strategies are misdirected.

“The Nuix Black Report 2018 is an opportunity to bring the adversary to the table and have the hackers themselves tell you what’s most effective for your security efforts.”

About the Nuix Black Report 2018
The Nuix Black Report 2018 is the result of an anonymous survey of professional hackers and penetration testers who attended the Black Hat, Bsides, and DEFCON hacker conferences in Las Vegas, Nevada in July 2017. It extensively examines the cybersecurity landscape from the hacker’s perspective, including the background and mindset of hackers; most effective attacks, countermeasures, and security programs; and what hackers would tell company executives and directors if they had the chance.

About Nuix
Nuix (www.nuix.com) understands the DNA of data at enormous scale. Our software pinpoints the critical information organisations need to anticipate, detect, and act on cybersecurity, risk, and compliance threats. Our intuitive platform identifies hidden connections between people, objects, locations, and events – providing real-time clarity, control, and efficiency to uncover the key facts and their context.

Share.

Comments are closed.