IT security budgets mismatched to hacker targets, study shows


Warwick Ashford

IT security budgets are not being spent on defence technology in some of the areas where the enterprise is most likely to need it, a study has revealed.

About 33% of hacker forum discussions are about training and tutorials for data theft techniques, such as SQL injection (SQLi), according to the latest hacker intelligence report by security firm Imperva.

However, analysts estimate that less than 5% of IT budgets include technologies designed to mitigate attacks on datacentres and defend against SQLi attacks.

“By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,” said Amichai Shulman, chief technology officer (CTO) at Imperva.

“If organisations neglect SQLi security, we believe that hackers will place more focus on those attacks,” Amichai Shulman said.

The study also revealed that SQLi and distributed denial-of-service (DDoS) attacks are the most popular attack methods, each accounting for 19% of forum discussion topics.

Analysis of the hacker forum revealed a rise in a market for social network endorsements. In a keyword search relating to social networks, Imperva found that Facebook (39%) and Twitter (37%) were the most frequently discussed social networks.

In reviewing social network related posts, Imperva observed a black market for buying and selling illegitimate social network likes, followers and endorsements, with particular attention given to the origin of these likes and followers. 

According to the research report, hacker education comprises a third of all forum conversations. Roughly 28% were related to beginner hacking and hacker training, while another 5% related to hacking tutorials.

Both aspiring and veteran hackers visit forums to exchange techniques, build credibility and publish their hacking successes, Imperva said.

The report is based on the security firm’s second annual analysis of a hacker forum containing around 250,000 members.

 

