Stealing Critical Data All in a Day’s Work for Hackers: Nuix Black Report

HERNDON, VA – April 11, 2018— Nuix (www.nuix.com), a cybersecurity, risk, and compliance software company, today released the second annual Black Report, a survey of professional hackers that provides a unique and much needed perspective on the security landscape. Among many challenging results, the Nuix Black Report 2018 found that most of the professional hackers surveyed said they could bypass security systems, locate critical data, and exfiltrate that data within 15 hours.

“The Black Report reveals a huge gap between perception and reality in cybersecurity—you might think you’re well protected but the people whose job it is to break in and steal your data think otherwise,” said Chris Pogue, lead author of the report and Nuix’s Head of Services, Security and Partner Integration.

“For example, most organizations invest heavily in perimeter defenses such as firewalls and antivirus, and these are mandatory in many compliance regimes, but most of the hackers we surveyed found these countermeasures trivially easy to bypass. If hackers can steal your data within a day but you only find out it happened months later, you’re well on the way to becoming the next big news story,” Pogue said.

The Nuix Black Report challenges the common media narrative that data breaches are hard to prevent because cyberattacks are becoming more sophisticated. Nearly a quarter of Black Report respondents (22%) said they used the same attack techniques for a year or more.

“Hackers can keep using the same attack techniques because they still work—if it ain’t broke, don’t fix it,” Pogue said. “Many data breach victims believe they have suffered unprecedented and highly sophisticated cyberattacks, but they often turn out to be the result of mistakes or oversights. In the recent Equifax case, for example, it was an older system that hadn’t been patched.”

The Black Report also shatters another common perception of cybersecurity, that of the teenage hacker living in a basement. Three-quarters of respondents were college graduates and nearly one-third (32%) had postgraduate degrees. The majority (57%) worked for medium-sized, large, or enterprise businesses.

“When organizations develop their cybersecurity strategies, they may have IT, legal, risk, and human resources teams at the table but the one person they never invite is the bad guy,” said Pogue. “It’s no wonder that so many security strategies are misdirected.

“The Nuix Black Report 2018 is an opportunity to bring the adversary to the table and have the hackers themselves tell you what’s most effective for your security efforts.”

About the Nuix Black Report 2018

The Nuix Black Report 2018 is the result of an anonymous survey of professional hackers and penetration testers who attended the Black Hat, BSides, and DEFCON hacker conferences in Las Vegas, Nevada in July 2017. It extensively examines the cybersecurity landscape from the hacker’s perspective, including the background and mindset of hackers; most effective attacks, countermeasures, and security programs; and what hackers would tell company executives and directors if they had the chance.