Skip to main content

Hackers can penetrate an organization's local network in just 30 minutes

(Image credit: Image Credit: LightField Studios / Shutterstock)

When it comes to breaking into networks, hackers on the big screen usually just tap a few buttons before triumphantly proclaiming: “I’m in!" While this is a blatant exaggeration, hackers are able to break into corporate systems faster than businesses might expect.

According to a new report from security firm Positive Technologies, cybercriminals can penetrate an organization's local network (opens in new tab) in as little as 30 minutes.

The company tested the systems of businesses in various different industries and managed to breach the network in 93 percent of cases - in some instances via as many as 13 different methods.

Attack complexity was also low in most cases, according to the report, which argues that even a hacker with basic skills would be able to pull off these types of attacks.

At 71 percent of companies, there was at least one easy penetration vector. Most of the time, it involved a poorly designed web application which allowed for brute force attacks.

To make matters even worse, in one out of every six tested companies, the researchers found traces of earlier attacks (opens in new tab), including web shells on the network perimeter, malicious links on official sites or valid credentials in public data dumps.

"Web applications are the most vulnerable component on the network perimeter. To ensure protection, businesses need to perform security assessments of web applications regularly," said Ekaterina Kilyusheva, Head of Research and Analytics at Positive Technologies.

"Penetration testing is performed as a 'black box' analysis without access to source code, which means businesses can leave blind spots to some issues which might not be detected using this method. Therefore, companies should use a more thorough testing method such as source code analysis (white box)."

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.