Inside the Mind of Modern Adversaries

SANS, in partnership with Bishop Fox, surveyed 280 ethical hackers to gain insight into the mind and methods of modern adversaries – including what works and what doesn’t. Here are our preliminary findings.

Text on image: Time to break into an environment 57% of hackers say it takes less than 5 hours to break into an exposed environment. Represented by hacker timed with chronometer

Text on image of thief running away with credit card: Time to complete an end-to-end attack Under 20 Hours 44% of hackers can complete an end-to-end attack in 20 hours or less (breach perimeter, gain access to targets, and potentially exfiltrate data).

Text in image of people using cell phones: Top five factors making attack surfaces vulnerable to compromise: Third-party connections 40%, Increased pace of application development/deployment 39% , Remote work 35%, Mergers and acquisitions 32%, Adoption of cloud infrastructure 31%

text on image: Challenges to penetrate an environment Leading challenges hackers face when penetrating an environment: MFA 48%, Patching 42%, Firewall 33%, EDR 33%, Privileged Account/ User Management 32% Greatest

Top three greatest ROI for hackers


For more insights into our hacker analysis, tune into SANS Institute upcoming webcast: 

Think Like a Hacker- Inside the Minds & Methods of Modern Adversaries

  • Tuesday, 27 Sep 2022 3:30PM EDT (27 Sep 2022 19:30 UTC)
  • Speakers: Matt Bromiley, Tom Eston, the Associate VP of Consulting, Bishop Fox

Matt Bromiley SANS Headshot

About the author, Matt Bromiley

Certified Instructor at SANS Institute

Matt Bromiley is a principal incident response consultant at a top digital forensics and incident response (DFIR) firm. In the DFIR firm Matt assists clients with incident response, digital forensics, and litigation support. He also serves as a GIAC Advisory Board member, a subject-matter expert for the SANS Security Awareness, and a technical writer for the SANS Analyst Program. Matt brings his passion for digital forensics to the classroom as a SANS Instructor for FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics, and FOR572: Advanced Network Forensics, where he focuses on providing students with implementable tools and concepts.

More by Matt

Tom Eston

About the author, Tom Eston

VP of Consulting and Cosmos at Bishop Fox

Tom Eston is the VP of Consulting and Cosmos at Bishop Fox. Tom's work over his 15 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry standard testing methodologies and is an experienced manager and leader. He is also the founder and co-host of the podcast The Shared Security Show; and a frequent speaker at user groups and international cybersecurity conferences including Black Hat, DEF CON, DerbyCon, SANS, InfoSec World, OWASP AppSec, and ShmooCon.
More by Tom

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.