When it comes to breaking into networks, hackers on the big screen usually just tap a few buttons before triumphantly proclaiming: “I’m in!" While this is a blatant exaggeration, hackers are able to break into corporate systems faster than businesses might expect.
According to a new report from security firm Positive Technologies, cybercriminals can penetrate an organization's local network in as little as 30 minutes.
The company tested the systems of businesses in various different industries and managed to breach the network in 93 percent of cases - in some instances via as many as 13 different methods.
Attack complexity was also low in most cases, according to the report, which argues that even a hacker with basic skills would be able to pull off these types of attacks.
At 71 percent of companies, there was at least one easy penetration vector. Most of the time, it involved a poorly designed web application which allowed for brute force attacks.
To make matters even worse, in one out of every six tested companies, the researchers found traces of earlier attacks, including web shells on the network perimeter, malicious links on official sites or valid credentials in public data dumps.
"Web applications are the most vulnerable component on the network perimeter. To ensure protection, businesses need to perform security assessments of web applications regularly," said Ekaterina Kilyusheva, Head of Research and Analytics at Positive Technologies.
"Penetration testing is performed as a 'black box' analysis without access to source code, which means businesses can leave blind spots to some issues which might not be detected using this method. Therefore, companies should use a more thorough testing method such as source code analysis (white box)."