Penetration testers have an overriding frustration.
Hackers are often hired by companies to “break in” to their systems and expose where the weaknesses in their security lie, so that these can be patched before someone with malicious intent finds and exploits them.
But even when faced with a list of vulnerabilities, three quarters of companies will patch up only the absolutely critical risks and leave everything else as is.
And therein lies the biggest frustration of hackers, professionally known as penetration testers (‘pentesters’, for short), and often referred to as ‘security consultants’.
By far, the number one pet peeve of hackers (64%) is that even when companies are handed a list of things that are broken following a penetration test, they do not fix them.
The findings of ‘The Black Report: Decoding the Minds of Hackers’, produced by Australian software company Nuix, come from interviewing 70 hackers about their habits and motivations.
The report found just 10% of companies remedied all vulnerabilities discovered in a penetration test and subsequently retested to ensure the highest levels of cybersecurity.
Disturbingly, hackers reported 5% of companies did nothing at all after penetration testing – “they were just checking boxes.”