top of page

Majority of hackers can exfiltrate data within 5 hours of gaining access

A recent ethical hacking survey of 300 experts by the SANS Institute and sponsored by cyber security services firm Bishop Fox, found that more than 60% of threat actors can collect and exfiltrate an enterprise’s data within five hours of gaining access to an environment.

The survey is the latest data point from cyber security companies in their attempt to estimate the average time it takes to stop threat actors and interrupt their efforts before any significant exploit is attained.

According to Bishop Fox, the results from the ethical hacking survey mirrors metrics for real-world malicious attacks and highlights the limited amount of time it takes companies to detect and respond to cyber threats.

The survey also created a profile of the average ethical hacker with two-thirds of participants having between a year and six years of experience.

Overall, nearly three-quarters of ethical hackers think most organisations lack the necessary detection and response capabilities to stop attacks.

In terms of attack vectors, SANS found the two most popular were social engineering and phishing, with web application attacks, password attacks and ransomware completing the top five.

These vectors were assessed by sanctioned adversaries in terms of which had the highest return on investment to hackers.

Organisations are encouraged to use the information from the survey to protect their assets and infrastructure by:

  • Knowing how adversaries operate and how they pivot between tactics and techniques can help organisations evaluate their investments, and better understand where they need to double down on controls, policies, testing and defences.

  • The data should convince organisations to not just focus on preventing attacks but also aim to quickly detect and respond to attacks in order to limit damage.

  • The survey should be a reminder that technology alone cannot solve cybersecurity problems - solutions require training employees to be aware of attacks.

This week, Cyber PATH has been launched. Developed by the National Cyber Resilience Centre Group (NCRCG) in partnership with the regional Cyber Resilience Centre (CRC) network, of which we are a part of, Cyber PATH is a programme open to students in full-time higher education who want to help shore up the nation’s defences against cybercrime and gain vital experience in a commercial setting.

The programme gives young people the opportunity to work alongside senior Security Practitioners to deliver affordable and high-quality cyber resilience services to small and medium-sized enterprises (SMEs).

Employees are a company's greatest asset. With the right training and knowledge, they can also become highly effective barriers against cyber-crime.

Find out more about the new Cyber PATH programme and have a look at the services we can offer. If you are worried about your business’s cyber hygiene or staff awareness, please contact us for a chat about best practices and how we can help.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page