The Black Report from Nuix reveals that organisations are ignoring the recommendations of penetration testers, even when those testers find serious vulnerabilities…
The Black Report from Nuix is unlike most security research that comes our way, in that it is the result of talking to hackers. To clarify, these are not black hats involved in criminal activity but professional hackers on the penetration testing front line. What they provide is a different perspective: that of the attackers themselves.
Perhaps the most disturbing statistic in the report, though, is the one that relates to the clients who hire them. Three-quarters of clients performed ‘some remediation’ after the engagement, based on the test report, but this was usually restricted to the critical- and high-rated vulnerabilities, leaving the medium- and low-rated findings in place. Worryingly, five percent did nothing at all, and only 10 percent fixed everything that was identified.