Security Gaps in Corporate Networks: Insights from a Positive Technologies Study


Only a tiny fraction of organizations worldwide, about 4%, are effectively protected against intruders entering their internal networks. In the remaining companies, attackers can seize control of the IT infrastructure, often within a short time after initial access. The minimum period observed for a foothold in the local network was a single day. This finding comes from a fresh assessment conducted by Positive Technologies with data gathered by socialbites.ca.

During the study, specialists performed penetration tests on the networks of 28 organizations to evaluate two critical questions: can an external or internal attacker successfully breach the environment, and can such access lead to a significant business disruption? The evaluation team, part of the SWARM unit, exercised controlled, realistic attack scenarios across firms spanning IT services, finance, manufacturing, services, telecommunications, and other sectors.

The results highlighted a troubling trend: in 63% of the organizations, a low-skilled external intruder could penetrate the local area network from an outside position. In the same share of cases, a low-skilled internal attacker could assume full control over the IT infrastructure. These figures underscore how easily basic credentials and misconfigurations can be leveraged to escalate privileges and gain control over critical systems.

In a broader view, 96% of the tested projects revealed vulnerabilities that allowed internal operators to breach protected zones within the network. Only one company demonstrated robust protection, with investigators able to reach only the demilitarized zone, a buffer area between the public Internet and the private network. This outcome reflected deliberate, high-quality prior penetration testing and effective remediation of discovered weaknesses.

The speed of access varied considerably, with the most rapid break-ins occurring on the first day. Across the tested engagements, security professionals achieved a foothold in the local network in about ten days on average, which indicates how much time an attacker may need before staging a full takeover.

Credentials were consistently valuable for intruders. In almost every company, attackers managed to compromise employee credentials, enabling unauthorized access to sensitive information such as strategic documents, intellectual property, and confidential correspondence. The study emphasizes that protecting identities and controlling access rights are essential components of a resilient security posture across industries.

These findings align with a broader industry concern: the real-world exposure of corporate networks to both external and internal threats. The path to rapid access often begins with simple misconfigurations, outdated software, weak authentication, or insufficient segmentation. As organizations adopt hybrid and cloud-based architectures, the need for continuous monitoring, rigorous access governance, and proactive vulnerability management becomes increasingly urgent. The implications extend beyond data loss to potential operational downtime, regulatory repercussions, and reputational harm. A proactive, layered defense helps organizations reduce risk and slow the pace at which attackers can move within a network. This study serves as a reminder that security excellence requires ongoing assessment and remediation, not a one-time effort.

Attribution: Positive Technologies report on enterprise network security, 2024.
