Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments

By Cory Maki Cory Maki has been verified by Muck Rack's editorial team
Published on November 7, 2022

Not all hackers have bad intentions. For example, ethical hackers are called in to expose certain vulnerable spots in digital security. For example, Daniel Verlaan is an ethical hacker. In 2020, he made the international press when he gave himself access to an online meeting between European defense ministers. The European ministers were shocked because this showed that their networks and systems were more vulnerable than expected.

Verlaan wanted to wake up the public figures involved. In this case, Verlaan’s hacking attempt had no harmful consequences. But an unethical hacker could have done a lot more damage. And unlike Verlaan, a real hacker would not make himself known. Most victims only find out they have been hacked after the bird has flown long and wide.

Hacked in five hours

SANS Institute is a renowned cybersecurity company. They conducted an extensive study into the digital security of companies. 300 ethical hackers participated. The purpose of the research was to find out how hackers think, how they operate, who they target, and how long it takes them to hack. The results of this study were both surprising and frightening at the same time.

It turned out that it takes an average hacker about 5 hours to break into a business environment. Time started ticking from the moment they found a security vulnerability. Finding such a vulnerability also takes time. 57% of ethical hackers indicated that they needed a maximum of 10 hours to do this. 5% had already detected the vulnerability within 1 hour. 11% took 1 to 2 hours. 25% had identified the vulnerable spot within three to five hours, and 16% within six to ten hours.

Once discovered, 58% of hackers gained access to the corporate environment in 5 hours or less. 7% even managed to do this within an hour. Connections with third parties, the rapid development of apps, clouds, working from home, and mergers and acquisitions proved particularly risky. But it was ultimately faulty settings, vulnerable software, and poor security of confidential data that ultimately topped the list of threats. The same goes for insufficient authentication and access controls.

The detection of vulnerabilities up to and including the execution of harmful actions can usually occur within 24 hours. It should be noted that the ethical hackers had to operate within a legal framework. A malicious hacker can use illegal methods, which means the hacking can also occur more quickly.

Easy Victims

The survey results again showed how bad the situation is with digital security within the business community. And that’s bad news because it also puts our data at risk. Companies are obliged to handle this with care and do everything in their power to protect them. Unfortunately, reality paints a much more pessimistic picture. As much as companies would like to, hackers still outsmart them far too often. You should remember that hackers usually choose the path of least resistance. The pond in which they can fish is very large. If a potential victim offers too much resistance, they quickly aim their arrows at an easier victim.


To protect yourself and sensitive company information, you should try to make it as difficult as possible for hackers. Everything depends on a secure internet connection, especially if employees often work from home. A VPN USA adds an extra layer of protection to your connections. Data is exchanged with a VPN server through an encrypted tunnel. The VPN server encrypts that data. And then, the VPN server forwards the encrypted data to the internet provider’s server. The advantage is that hackers can no longer intercept or read the data.

Also, log-in details too often prove to be a weak spot. Hackers can guess employees’ passwords and gain access to the corporate environment. Therefore, ensure that employees choose unique and hard-to-guess passwords. Regular updates certainly can’t hurt too. And if an employee no longer works for the company, the account should be deleted as soon as possible.

By Cory Maki Cory Maki has been verified by Muck Rack's editorial team

Cory Maki is a former Staff Editor and the Business Development Manager at Grit Daily.

Read more

More GD News