IT security budgets mismatched to hacker targets, study shows

IT security budgets are not being used to provide defence technologies in some areas most likely to be targeted by hackers, a study shows

IT security budgets are not being used to provide defence technology in some of the areas where the enterprise is most likely to need it, a study has revealed.

About 33% of hacker forum discussions are about training and tutorials for data theft techniques, such as SQL injection (SQLi), according to the latest hacker intelligence report by security firm Imperva.

However, analysts estimate that less than 5% of IT budgets include technologies designed to mitigate attacks on datacentres and defend against SQLi attacks.

“By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,” said Amichai Shulman, chief technology officer (CTO) at Imperva.


“If organisations neglect SQLi security, we believe that hackers will place more focus on those attacks,” Amichai Shulman said.

The study also revealed that SQLi and distributed denial-of-service (DDoS) attacks are the most popular attack methods, each accounting for 19% of forum discussion topics.

Analysis of the hacker forum revealed a rise in a market for social network endorsements. In a keyword search relating to social networks, Imperva found that Facebook (39%) and Twitter (37%) were the most frequently discussed social networks.

In reviewing social network-related posts, Imperva observed a black market for buying and selling illegitimate social network likes, followers and endorsements, with particular attention given to the origin of these likes and followers.

According to the research report, hacker education comprises a third of all forum conversations. Roughly 28% were related to beginner hacking and hacker training, while another 5% related to hacking tutorials.

Both aspiring and veteran hackers visit forums to exchange techniques, build credibility and publish their hacking successes, Imperva said.

The report is based on the security firm’s second annual analysis of a hacker forum containing around 250,000 members.
