Report: Hackers Take Less than 6 Hours on Average to Compromise Targets

Most hackers can compromise a target in less than six hours, according to a survey of hackers and penetration testers released Tuesday by security awareness training firm KnowBe4.

The Black Report was compiled from 70 surveys taken at Black Hat USA and Defcon, and shows that phishing is the preferred method for 40 percent of hackers. A further 43 percent said they sometimes use social engineering, while only 16 percent do not use social engineering at all. Forty percent sometimes use vulnerability scanners, 60 percent use open-source tools, and just over 20 percent use custom tools for hacking.

A majority of those surveyed (53 percent) said they sometimes encounter systems they are unable to crack, while 9 percent say they never do, and 22 percent said they “rarely” encounter such targets. KnowBe4 chief hacking officer Kevin Mitnick performs penetration testing with a separate company (Mitnick Security), with a 100 percent success rate. Mitnick will present the keynote address at the upcoming HostingCon Global 2017 in Los Angeles. [Register now for HostingCon Global and save $100 on your all-access pass]

Once they have gained access to a system, one in three penetration testers said their presence was never detected, and only 2 percent say they are detected more than half of the time. Exfiltrating data after a compromise takes less than 2 hours for 20 percent of respondents, and two to six hours for 29 percent, while 20 percent take longer than 12 hours.

When asked about effective protection against breaches, endpoint protection was named by 36 percent of those surveyed, while 29 percent identified intrusion detection and prevention systems.  Only 2 percent consider anti-virus software an obstruction to hacking networks.

One-quarter of those surveyed said their advice to corporate boards would be to recognize that it is inevitable that they will be hacked, it is only a question of when it will happen. Roughly the same number urged boards to consider the return on investment in security, while 10 percent said boards should realize that detection capability is much more important than deflection capability.

KnowBe4 also commissioned a study from Forrester on the Total Economic Impact of breaches to put numbers to the potential return on investment (ROI) of security spending. The study is available from the KnowBe4 website.

Source: WHIR

Topics: Social Engineering, exfiltrating data, penetration testers, The Black Report, DefCon, custom tools, hackers, keynote speaker, security awareness training, intrusion detection, KnowBe4, Los Angeles, Mitnick Security, vulnerability scanners, Black Hat USA, breach protection, open source tools, phishing, HostingCon Global 2017, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Redefining Your Enterprise’s Cyber Security Posture During Mergers & Acquisitions

With 3,205 data compromises occurring in 2023 alone, fortifying your enterprise’s cybersecurity posture is more important than ever.

Read more ›

Choosing a Penetration Testing Company for Mac-based Environments

Powering your business with Apple devices because of their reputable security and privacy features? You may be surprised to learn that while Apple dev..

Read more ›

AI in Cyber Security: Impacts, Benefits, and More To Be Aware Of

Artificial intelligence in cybersecurity has been a hot topic lately, especially with the rise of OpenAI’s ChatGPT. But does that mean it would make a..

Read more ›