Have you ever wanted to know a hacker's perspective on protecting critical data?
What if you could talk to the black hat hackers themselves to see what works and doesn't work when trying to protect your most valuable resources?
At Black Hat 2017 in Las Vegas, Thycotic surveyed over 250 white, gray, and black hat hackers to find out just that.
Below are a few highlights of their findings:
Q: What entry point gives you the easiest/fastest access to sensitive data?
A: 31% say access to privileged accounts.
Whether it's through a spear phishing attack or credential stealing malware, getting on a network directly via someone who has access is almost a sure bet for data infiltration.
Q: What is the biggest source of cyber fatigue?
A: 35% say remembering and changing passwords.
Cyber fatigue occurs when users are failing to implement protective measures, usually by being overwhelmed by either the amount of information needing protection, or by the layers of security practices. Remembering to change passwords (and then keeping them all straight) is cited as the number one cause of cyber fatigue.
Q: What type of security is the hardest to get past?
A: Multi-factor authentication and encryption.
If access to privileged accounts is the easiest and fastest way to sensitive data, the methods used to protect against this are, thankfully, the toughest to get around. The survey found that multi-factor authentication (38%) and encryption (32%) are the best ways to combat credential theft.
Q: What type of hacker do you most identify with?
A: 53% say white hat.
While just over half of respondents identify as one of the "good guys," 14% say they hack with malicious intent, and 33% say they are somewhere in the middle.
Joseph Carson, Chief Security Scientist at Thycotic, told SecureWorld:
“It is not surprising how hackers responded to the survey since many of the traditional cyber security technologies have failed to keep up-to-date with the evolving perimeter, importance of digital identities and modern techniques used by hackers. The more interesting results for me was that Threat Intelligence was not seen as an obstacle today. The biggest obstacles they reported were with encryption and multi-factor authentication. Therefore, these should be considered as must-haves for every organization.”
Read the full report here.
