Wednesday, April 11, 2018
"The Black Report reveals a huge gap between perception and reality in cybersecurity—you might think you're well protected but the people whose job it is to break in and steal your data think otherwise," said Chris Pogue, lead author of the report and Nuix's Head of Services, Security and Partner Integration.
"For example, most organizations invest heavily in perimeter defenses such as firewalls and antivirus, and these are mandatory in many compliance regimes, but most of the hackers we surveyed found these countermeasures trivially easy to bypass. If hackers can steal your data within a day but you only find out it happened months later, you're well on the way to becoming the next big news story," Pogue said.
The Nuix Black Report challenges the common media narrative that data breaches are hard to prevent because cyberattacks are becoming more sophisticated. Nearly a quarter of Black Report respondents (22%) said they used the same attack techniques for a year or more.
"Hackers can keep using the same attack techniques because they still work—if it ain't broke, don't fix it," Pogue said. "Many data breach victims believe they have suffered unprecedented and highly sophisticated cyberattacks, but they often turn out to be the result of mistakes or oversights. In the recent Equifax case, for example, it was an older system that hadn't been patched."
The Black Report also shatters another common perception of cybersecurity, that of the teenage hacker living in a basement. Three-quarters of respondents were college graduates and nearly one-third (32%) had postgraduate degrees. The majority (57%) worked for medium-sized, large, or enterprise businesses.
"When organizations develop their cybersecurity strategies, they may have IT, legal, risk, and human resources teams at the table but the one person they never invite is the bad guy," said Pogue. "It's no wonder that so many security strategies are misdirected.
"The Nuix Black Report 2018 is an opportunity to bring the adversary to the table and have the hackers themselves tell you what's most effective for your security efforts."