Story image

All in a day's work: Why hackers hack and how they do it

12 Apr 18

It can take hackers less than an hour to steal data from an organisation, and most of the time their targets don’t even detect the attacks.

It’s all in a day’s work for professional hackers, who say that the reality of cybersecurity is much different to what some organisations believe.

Nuix’s Black Report polled professional hackers, penetration testers, and incident responders from 13 countries.

Most hackers can breach a target system, find and exfiltrate data in just 15 hours, while 33% can do the task in five hours, and 40% can do it in less than an hour.

93% say organisations don’t detect their attacks more than half the time – unsurprising considering 70% believe security professionals don’t even know what they’re looking for when they’re trying to detect attacks.

“The Black Report reveals a huge gap between perception and reality in cybersecurity—you might think you’re well protected but the people whose job it is to break in and steal your data think otherwise,” says Nuix’s head of services, security and partner integration, Chris Pogue.

88% of hackers use social engineering tactics like phishing to get information about targets before they conduct their attacks, suggesting that security training for employees at every level in an organisation is critical.

“Most organisations invest heavily in perimeter defences such as firewalls and antivirus, and these are mandatory in many compliance regimes, but most of the hackers we surveyed found these countermeasures trivially easy to bypass. If hackers can steal your data within a day but you only find out it happened months later, you’re well on the way to becoming the next big news story,” Pogue adds.

Who are those hackers? 57% work for medium, large or enterprise businesses. When asked if they had accessed their employer’s critical data for personal gain or for unnecessary purposes, only 14% said yes.

“For every 1,000 employees your organisation has, 140 of them are accessing your CVD for their own purposes beyond that which their job requires,” the report says.

Hackers are also smart: Three quarters have graduated from college and 32% have postgraduate degrees. 6% say that formal education is for ‘suckers’.

Most respondents (86%) say they hack to learn, 35 ‘hack for the lulz’, 21% hack for financial gain, and 6% hack for social or political motives.

The hackers say that they use the same attack techniques for a year or more – despite common perceptions that attacks are becoming more sophisticated.

“Hackers can keep using the same attack techniques because they still work—if it ain’t broke, don’t fix it,” Pogue explains.

“Again and again in the media, data breach victims claim they suffered unprecedented and highly sophisticated cyberattacks but the reality turns out to be that someone didn’t do their job properly. In the recent Equifax case, it was simply an older system that hadn’t been patched.”

But hackers are keeping an eye on what’s happening in the wider security space – 48% spend between 1-5 hours keeping up with security news, trends, and technologies. 16% spend more than 10 hours doing the same activities.

“If cybersecurity is an arms race and knowledge is a weapon, are security specialists and incident responders spending as much time researching how to get better at their craft? Based on the data in this report, specifically the time it takes to compromise a target and how rarely our respondents were detected, it seems likely they are not,” the report says.

78% of respondents believe that data hygiene is an important part of cybersecurity.

Pogue says that organisations are misdirecting their security strategies because they aren’t including people who know how to hack.

“When organisations develop their cybersecurity strategies, they may have IT, legal, risk, and human resources teams at the table but the one person they never invite is the bad guy,” Pogue concludes.

The survey polled respondents from Australia, Brazil, the Dominican Republic, Dubai, England, France, Germany, Ireland, Mexico, New Zealand, North America, the Philippines, Singapore, and South Korea.

Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.