Misconfigured networks are the lowest-hanging fruit for most attackers, according to a survey of DEFCON conference attendees published yesterday.

In its annual "Hacking Habits" survey, Tufin Technologies reports that attendees of DEFCON, often viewed as a "hacker" conference, was indeed populated by individuals who described themselves as black hats (11 percent) or gray hats (46 percent).

Although nearly two-thirds of the attendees are employed in corporate IT positions, less than 30 percent of the sample said they were motivated by the desire to actually fix broken systems. Sixty-eight percent admitted to hacking "just for fun."

Among those who search for vulnerabilities, the survey found that 73 percent of respondents come across a misconfigured network more than three quarters of the time – which, according to 76 percent of the sample, is the easiest IT resource to exploit.

Fifty-eight percent of respondents said they believe network misconfigurations are most commonly caused by IT staffers not knowing what to look for when assessing the status of their network configurations. Eighteen percent said the misconfigurations are most likely caused by a lack of time or money to do thorough audits.

Forty-three percent of DEFCON respondents said planting a rogue member of staff inside a company is one of the most successful hacking methodologies. Eighty-eight percent believe the biggest threat to organizations lies inside the firewall.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.