What can businesses learn from hackers?
Despite all the noise from security vendors, most hackers and pen-testers can worm into a network and exfiltrate valuable data in under a day, including for critical systems, according to a recent report from Nuix.

The problem, according to head of services for Nuix, Chris Pogue, is that the major security issues have barely changed in decades.

“Organisations like to say the threats are more complicated and the attackers are more sophisticated. No, they’re not,” Pogue said, speaking by phone with Computerworld UK. “They have been shooting fish in a barrel for 20 years.

“Take any recent attack that’s gone global and had massive impacts, whether it’s Yahoo or Target or any of those big attacks – it’s all based on the same stuff, it’s all missing patches, it’s all bad network hygiene or user IDs that have weak passwords. It’s IT laziness or poor hygiene.”

The company first put together its ‘Black Report’ during the DEFCON cybersecurity conference in 2017. This year, the number of participants – most of them anonymous – doubled to 112, and they include people who referred to themselves as hackers, pen-testers, and incident responders.

Hackers, Nuix notes, are people who spend their time accessing computer systems or applications without permission.

The majority of those surveyed found it rare to come across networks they couldn’t breach. Most of their attacks were rarely detected, and 93 per cent said that, following a penetration test, their clients didn’t fix some or all of the vulnerabilities found.

