Misconfigured Networks Are Easiest Prey, Hacker Survey Says

Network vulnerabilities are simple to find, easy to attack, DEFCON survey respondents say

Dark Reading Staff, Dark Reading

September 2, 2010

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Misconfigured networks are the lowest-hanging fruit for most attackers, according to a survey of DEFCON conference attendees published yesterday.

In its annual "Hacking Habits" survey, Tufin Technologies reports that attendees of DEFCON, often viewed as a "hacker" conference, was indeed populated by individuals who described themselves as black hats (11 percent) or gray hats (46 percent).

Although nearly two-thirds of the attendees are employed in corporate IT positions, less than 30 percent of the sample said they were motivated by the desire to actually fix broken systems. Sixty-eight percent admitted to hacking "just for fun."

Among those who search for vulnerabilities, the survey found that 73 percent of respondents come across a misconfigured network more than three quarters of the time – which, according to 76 percent of the sample, is the easiest IT resource to exploit.

Fifty-eight percent of respondents said they believe network misconfigurations are most commonly caused by IT staffers not knowing what to look for when assessing the status of their network configurations. Eighteen percent said the misconfigurations are most likely caused by a lack of time or money to do thorough audits.

Forty-three percent of DEFCON respondents said planting a rogue member of staff inside a company is one of the most successful hacking methodologies. Eighty-eight percent believe the biggest threat to organizations lies inside the firewall.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights