In advance of RSAC, Rapid7 unveiled its latest research paper, highlighting the real-life experiences of dozens of penetration testers to help demystify the occult art of hacking for hire.
Taking the results of 128 penetration tests conducted by Rapid7 throughout Q4 2016, key findings included:
– Only 33% of client sites had no vulnerabilities found, showing that enterprise security still needs significant improvement.
– In the 86% of engagements where credential theft was in scope, two-factor authentication was simply not a factor. Considering the millions of large-scale breaches in 2016, and the endemic problem of password reuse, this finding was particularly disheartening.
– Despite the recent uptick in online industrial espionage, the surveyed organisations seemed the least interested in protecting copyrighted material, digital certificates, source code or trade secrets.
More details about the report can also be found here: https://community.rapid7.com/community/infosec/blog/2017/02/08/under-the-hoodie-actionable-research-from-penetration-testing-engagements
Tod Beardsley, Research Director at Rapid7:
“Rapid7’s latest research paper, ‘Under the Hoodie: Actionable Research from Penetration Testing Engagements,’ draws on the real-life experiences of Rapid7’s dozens of penetration testers to help demystify the occult art of hacking for hire. Using rigorous census and polling methodology, we’re able now to track and publish trends in pen testing, ranging from what’s the most effective means for gaining access and elevating privilege in a company’s network, the practical effects and deployment rates of intrusion detection and two-factor authentication technologies, and the kinds of information that attackers can exfiltrate from a compromised network. We hope that general ITOps and dedicated security professionals alike are able to use our research to better understand how and why organisations get breached, and ultimately make the most of their next penetration test.”