Hackers can be living in computer systems for more than six months before they are detected, and corporations must become more proactive to neutralize the threat, cybersecurity expert Marc Goodman said Tuesday.
"For 210 days hackers … are living inside your systems in what's known as the advance persistent treat, they're roaming around and rummaging and stealing anything they can," Goodman said in an interview with CNBC's "Power Lunch."
Hackers can get away with it because the government and businesses don't have good detection tools , he said. Plus, their methodology is increasing and getting better.
"Today cybersecurity is mostly a reactive process. We set up firewalls, antivirus detectors and the like and we wait for them to go off," said Goodman, global security advisor at Singularity University.
"I think a much better approach would be to go proactive and actually proactively hunt for the hackers inside your system because they are already living there."
Read MoreThis is how much cybercrime is costing you
The private security firm CrowdStrike released a new report Monday accusing a Chinese military unit of hacking attacks on the U.S. defense and industrial sector. It said the unit is likely behind attacks on targeting space and satellite firms.
The firm used IP and email addresses to trace some of the alleged attackers, found them on social media and published embarrassing photos of them in the report.
Read MoreChinese media lashes out at US tech
While Goodman said CrowdStrike should be commended for its work, he doesn't think embarrassing the hackers will thwart them.
"The billions of dollars that they save on research and development or the access to military secrets … is so great that by trying to shame them, we don't see much opportunity to actually disrupt what they're doing," he said.
Read MoreHow a Russian hacker snatched $100M
—By CNBC's Michelle Fox, with reporting by CNBC's Eamon Javers.
