"Most Attackers Need Less Than 10 Hours to Find Weaknesses"

The average ethical hacker can discover a vulnerability that allows a network perimeter breach and the exploitation of the environment in less than 10 hours, with penetration testers focused on cloud security gaining access to targeted assets the fastest. Furthermore, once a vulnerability or weakness is discovered, 58 percent of ethical hackers can break into a system in less than five hours. These findings come from a survey of 300 experts conducted by the SANS Institute and sponsored by the cybersecurity services firm Bishop Fox. According to the survey, the most common weaknesses exploited by hackers include vulnerable configurations, software flaws, and exposed web services. Tom Eston, associate vice president of consulting at Bishop Fox, says the results reflect metrics for real-world malicious attacks and highlight companies' limited time to detect and respond to threats. The survey is the most recent data point from cybersecurity firms' efforts to estimate the average time it takes organizations to stop attackers and interrupt their activities before significant damage occurs. CrowdStrike, a cybersecurity services firm, discovered that the average attacker breaks out from their initial compromise to infect other systems in less than 90 minutes. Meanwhile, according to cybersecurity services firm Mandiant, the length of time attackers can operate on victims' networks before being detected was 21 days in 2021, slightly better than the 24 days in the previous year. According to the Bishop Fox-SANS survey, nearly three-quarters of ethical hackers believe most organizations lack the necessary detection and response capabilities to stop attacks. The data calls on organizations to focus on detecting and responding to attacks rather than just preventing them. This article continues to discuss findings from the Bishop Fox-SANS survey and other discoveries made by other cybersecurity companies. 

Dark Reading reports "Most Attackers Need Less Than 10 Hours to Find Weaknesses"

Submitted by Anonymous on