Just like cyber security professionals are constantly looking for ways to develop better and more secure software programs, hackers are always staying on top of the newest updates to overcome the latest defenses. In order to understand the importance of cyber security and how to stay ahead of hackers, it can be helpful to look at things from the opposite point of view—a hacker trying to get into your business’s system.
A recent Nuix Black Report surveyed 70 of the world’s best professional hackers and found that 88% of hackers can break into their desired system and get through cyber security defenses in 12 hours or less. It only takes an additional 12 hours for 81% of hackers to find and take valuable data. Instead of looking at hacking incidents that have already occurred or searching for patterns in business security breaches, the new report looks at the deeper root cause of the problem: the hackers themselves. When cyber security professionals can better understand the mysterious nature of hackers and how they work, they may be able to better protect their own systems.
Traditional defenses against hacking, such as firewalls and antivirus software, almost never slow hackers down, according to the survey. This goes against what the cyber security industry has been thinking for years and could cause companies to reconsider their basic cyber security measures. Instead, hackers say the most effective measures for stopping their attacks are endpoint security technologies. However, half of the hackers surveyed said they change their approach to hacking with every attack, meaning there often isn’t a pattern to their hacking. If they got in through the firewall at one business, they may try getting in by identifying weak passwords in another attack. Other studies have found that the most common way hackers get into a system is by breaking into a network and becoming active, meaning they can continue to steal information and monitor data for months.
Perhaps the scariest part of the results is that the hack and missing data might not be discovered for weeks or months after the fact, meaning that hackers could be long gone with the information before a business even realizes its systems have been infiltrated. In fact, one-third of attackers say the targeted organizations never even realized they had been hacked. Cyber crime will lead to a total projected loss of $6 trillion in 2021, double what it was in 2015.
“Data breaches take an average of 250-300 days to detect—if they’re detected at all—but most attackers tell us they can break in and steal the target data within 24 hours,” said Chris Pogue, Nuix’s chief information security officer and a co-author of the Nuix Black Report. “Organizations need to get much better at detecting and remediating breaches using a combination of people and technology.”
So what do these new looks into the hacker mentality mean for businesses? First, they reemphasize that businesses need to always be vigilant in protecting their sensitive data from attacks. Even if a system seems secure, it could be circumvented or broken down easily. Businesses also need multiple walls of defense ranging from simple to more complicated; the best walls will change and be unpredictable to match the unpredictability of hackers. Just because a company spends more money on cyber security defenses doesn’t mean it will automatically be more successful; some of the biggest attacks have come against companies with costly systems in place. The key is to be strategic about what will really keep hackers out and to combine human monitoring with technology. And of course, businesses need to constantly be taking stock of their digital portfolio to know when they have been hacked and what information has been stolen. By staying on top of things and constantly managing their digital systems, companies can more quickly identify a cyber attack and solve the problem before things get out of control.
Understanding cyber security with a hacker’s mindset can help businesses think outside the box and look for weaknesses they might not otherwise know they had. To truly keep digital information safe, companies need to always be on guard.