[BreachExchange] What hackers think of your cybersecurity efforts

[Destry Winant]

https://www.cio.com.au/article/625808/what-hackers-think-your-cyber-security-efforts/

A survey of 250 self-identified hackers at the twentieth annual Black
Hat conference in Las Vegas last month has revealed the security
technologies they find toughest to beat.

Of the hackers that responded, 38 per cent said multi-factor
authentication was the ‘hardest to get past’ while 32 per cent
considered encryption the toughest defence to beat.

Firewalls, anti-virus software, and intrusion prevention systems were
considered the trickiest to overcome by less than 10 per cent of
respondents respectively.

In order to capture critical data, ‘access to privileged accounts’ was
unsurprisingly the preferred channel of 31 per cent of hackers in the
Thycotic survey, followed by access to an email account (27 per cent),
and access to a user endpoint (21 per cent).

With perimeter security technologies considered largely irrelevant,
hackers are now focused on gaining access to privileged accounts and
email passwords by exploiting human vulnerabilities.

Some 85 per cent of survey participants named humans as most
responsible for security breaches, Unpatched software was named as
most to blame by only 10 per cent of those asked.

Hackers also viewed threat intelligence solutions as one of the least
effective security protections (59 per cent), along with reputation
feeds (67 per cent) and education (47 per cent). Since threat
intelligence is often also accessible to hackers, they are able to
easily identify how they work and therefore avoid detection, Thycotic
suggested.

Of the individuals that took part in the survey, 53 per cent of whom
identified as white hats using their skills for good, 33 per cent
black hats with malicious motivations and the rest somewhere in
between.