It can take just 10 hours, research claims
The intricate mind of the hacker no longer needs the help of Freud to decrypt, as details of how and why individuals access computer systems have been revealed in the latest Black Report from Australian software company Nuix.
In its second annual look into the present security industry, Nuix hones in on what makes hackers tick, to help organizations take preventative measures to thwart future cyber-attacks.
And worryingly, it revealed that most hacks take less than 15 hours to complete – with an average timestamp between breach and discovery of 200 to 300 days.
The report defines a hacker as someone who enters computing systems without permission in order to conduct malicious activity.
Nuix surveyed 65 professional hackers, penetration testers, and incident responders, looking at their motivations for attack and the environment in which valuable targets can be found.
Much of the report focused on how long it takes hackers to breach an organization.
It found that 71% of respondents believed that they could breach the perimeter of a target within 10 hours, regardless of industry.
And 18% of those surveyed said they could complete such a task within an hour.
This was compared to figures from 2016 which saw 71% of those surveyed believing that they could breach a target in less than 12 hours.
Respondents also noted that security was worse in sectors like hospitality, retail, and food and beverage.
Healthcare, law firms, and manufacturers were also considered typically easy targets.
In terms of the type of attacks deployed, network-based intrusions topped the list with 28%, rather than social engineering (27%), and phishing attacks (22%).
Hackers also deployed a variety of methods to conduct attacks – open-source tools and exploit packs were the most common ones to be used.
Most notably, nearly a quarter surveyed said that they deployed the same attack techniques for a year or more.
The first Black Report was released in 2017 and was shared by more than 10,000 people, according to Nuix.
Nuix itself said it launched the study to provide a different – and potentially more useful –insight to the cybersecurity sector.
It added: “It’s insightful to get an attacker’s view of what constitutes ‘success’ when breaching an organization.
“Understanding this perspective has a significant impact on how organizations should defend against and respond to security incidents and breaches to their IT infrastructure.”