8 things hackers would like you to know
A new cybersecurity report from Nuix skipped the survey of recent breaches and instead went to the source -- asking 70 penetration testers at the DEFCON conference about their tactics, motivations and thoughts on the systems they target.
The Nuix Black Report "illuminates the true nexus between attacker methodology and defensive posture," Nuix Chief Information Security Officer Chris Pogue said in announcing the report's release. Among the more interesting findings:
- Direct server attacks were the most popular method for breaking into systems, slightly more so than phishing attacks.
- Eighty-four percent of attackers, however, said they used some sort of social engineering to gather information about their targets.
- Half the hackers said they changed their attack methodologies with every target, and another 38 percent said they mixed things up at least every six months.
- Only 5 percent said they changed tactics because old methods were no longer effective; 56 percent said they did so mainly to learn new techniques.
- Similarly, 66 percent cited "the challenge" of penetrating a system as their main motivation. Just 12 percent said either money or ideology was the main driver.
- That test-yourself mentality was also reflected in the hackers' regard for traditional security certifications. While many said they had multiple certifications themselves, 76 percent called such credentials a poor indicator of technical ability.
- End-point security technologies presented the most effective defense, respondents said. Just 10 percent said firewalls were the best defense -- and 22 percent claimed that no countermeasure could keep them out of a system indefinitely.
- Perhaps that's because too many defenses are poorly maintained. Nearly two-thirds of the pen testers said their biggest frustration is that most organizations don't fix vulnerabilities after they’ve been identified.
The full report is available here.
Troy K. Schneider is editor-in-chief of FCW and GCN.
Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.
Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.