Gone in a day: Ethical hackers say it would take mere hours to empty your network
2022-10-01 09:57

Once they've broken into an IT environment, most intruders need less than five hours to collect and steal sensitive data, according to a SANS Institute survey of more than 300 ethical hackers.

More than half of respondents stated they could successfully discover an exploitable exposure in ten hours or less.

"What is the difference between an adversary that takes one hour to break into an organization versus an adversary needing six hours to break in? That's five hours of patch time. That's five hours of preparedness. That's five hours of hardening your environment. Then that appreciation of time periods can travel down through the rest of the intrusion."

Once they've found a hole, 58 percent said they could exploit it in five hours or less.

36 percent of respondents said they could escalate or move laterally within three to five hours, while 20 percent said it takes them two hours or less.

40.7 percent said they can do this in two hours or less.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/01/ethical_hackers_sans_survey/