Penetration Testing Important, but…

Jane-Michele Clark
Director of Business Strategy
Cybersecurity

Estimated reading time: 4 min


October 7, 2021

July 14, 2025


Cybersecurity is something we write a lot about because it is a huge concern for organisations of all sizes and types. One small piece of malware has the potential to take down an entire network, even if the trojan, worm, virus or other "nasty" is detected and remediated within seconds of arriving.

There's no question that strong firewalls guarding your cloud and network, together with endpoint protection on every device, are critical, as are solid breach-response plans and expert remediation teams on stand-by.

We've also stressed the importance of penetration testing to identify where you may be vulnerable. As you read the next few paragraphs, please keep in mind that we consider penetration testing and security audits an essential part of caring for your network: an absolute necessity, and not just for insurance-compliance reasons.

Sometimes an organisation uses its own internal Red Team to ferret out vulnerabilities. These teams will almost always get in, because they already know your environment and its weak spots. As with any good security-auditing or penetration-testing firm, they will hand you a list of what needs to be fixed, but not everything on that list truly puts your firm at risk.

Usually there are only three or four areas of true vulnerability for your firm. Consider that of the 18,108 threats identified globally last year, fewer than 2% actually infected organisations in the real world. That doesn't mean the ones that did caused little damage; it simply means that most threats never materialise.

Fixing everything at once consumes time and budget that most firms do not have. After the penetration testing and security audits are done (by your own internal Red Team or an outside security firm), we recommend tackling the vulnerabilities in the following order, from most to least urgent:

  1. Any threat vectors or exploits that are currently in play: an attacker or piece of malware has already used them to penetrate your network, so close them first.
  2. Any threat vectors that are likely to be used successfully against you in the future. Your security specialists will be able to tell you which these are.
  3. Any threat vectors or exploits that have been used successfully against you at any point in the past. Once a hacker or bot has got in somewhere, that same vulnerability is targeted over and over.
  4. New "in the wild" (ITW) malware. ITW distinguishes malware that has actually infected real people's machines from threats that exist only "in the zoo": samples created in Red Team exercises or held in research collections that have never been seen on a real victim's machine.
  5. Vulnerabilities covered by recently announced patches. Bad actors reverse-engineer a patch to find the flaw it fixes and weaponise it as quickly as they can, so the window between a patch being released and the unpatched version being exploited is short.
  6. Currently active exploits that are in the public domain. You'll know about these; they are likely in the news, too. These are typically malware families that have been around for a while and keep coming back, like the seasonal flu.
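The six tiers above can be turned into a repeatable triage routine. The following is an added illustration, not code from the original page or its author: each finding in a pentest report is checked against your own incident history and the evidence flags recorded in the report, then sorted into the tiers in the order given. The `Finding` and `Incident` schemas, the 30-day window used for "recently announced", and the sample report and incident history are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Finding:
    """One item from the pentest / audit report (hypothetical schema)."""
    ident: str                               # report identifier, e.g. "PT-004"
    vector: str                              # entry point the finding exposes
    likely_target: bool = False              # assessor's judgement: attackers are likely to use it
    itw: bool = False                        # malware exploiting it has infected real machines
    patch_released: Optional[date] = None    # date the vendor fix was announced, if any
    public_exploit: bool = False             # a working exploit is freely available


@dataclass
class Incident:
    """One entry from your own incident history (hypothetical schema)."""
    vector: str                              # which entry point the attacker used
    first_seen: date
    contained: Optional[date] = None         # None means the intrusion is still active


RECENT_PATCH_DAYS = 30  # assumed window for "recently announced"; tune to your patch cycle


def tier(finding: Finding, incidents: List[Incident], today: date) -> int:
    """Return 1..6 for the six priority tiers, 7 for the backlog."""
    hits = [i for i in incidents if i.vector == finding.vector]
    if any(i.contained is None for i in hits):
        return 1  # currently in play: an attacker is inside via this vector
    if finding.likely_target:
        return 2  # specialists expect it to be used against you
    if hits:
        return 3  # used against you before; expect repeat visits
    if finding.itw:
        return 4  # malware exploiting it is in the wild, not just in the zoo
    if finding.patch_released is not None and (today - finding.patch_released).days <= RECENT_PATCH_DAYS:
        return 5  # fresh patch: attackers reverse it and weaponise quickly
    if finding.public_exploit:
        return 6  # long-known, freely available exploit
    return 7      # everything else: schedule it, don't panic


def triage(findings: List[Finding], incidents: List[Incident], today: date) -> List[Finding]:
    """Order the report by tier; sorted() is stable, so ties keep the report's order."""
    return sorted(findings, key=lambda f: tier(f, incidents, today))


# Constructed sample data: a seven-item report and two historical incidents.
REPORT = [
    Finding("PT-001", "printer-snmp"),
    Finding("PT-002", "web-cms", patch_released=date(2021, 9, 28)),
    Finding("PT-003", "exposed-rdp", public_exploit=True),
    Finding("PT-004", "mail-relay", public_exploit=True),
    Finding("PT-005", "smb-legacy", itw=True),
    Finding("PT-006", "vpn-gateway", likely_target=True),
    Finding("PT-007", "phishing-macro"),
]
HISTORY = [
    Incident("phishing-macro", date(2021, 3, 1), contained=date(2021, 3, 2)),
    Incident("exposed-rdp", date(2021, 9, 30)),  # contained=None: still open
]


def tier_on(ident: str, today_iso: str) -> int:
    """Tier of one report item as of the given ISO date (helper for checks)."""
    finding = next(f for f in REPORT if f.ident == ident)
    return tier(finding, HISTORY, date.fromisoformat(today_iso))


def demo(today_iso: str = "2021-10-07"):
    """Return the triage queue as (tier, ident) pairs for the given date."""
    today = date.fromisoformat(today_iso)
    return [(tier(f, HISTORY, today), f.ident) for f in triage(REPORT, HISTORY, today)]


if __name__ == "__main__":
    for t, ident in demo():
        print(t, ident)
```

Note that evidence outranks reputation: PT-003 has a public exploit (tier 6 on its own), but because the incident history shows an open intrusion through that vector it lands in tier 1. Re-run the triage whenever the incident history changes, and treat tier 7 as a scheduled backlog rather than a list to ignore.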

Weigh the risk in proportion to how exploitable each vulnerability actually is, rather than treating every defence concern equally. In short, determine which of the vulnerabilities represent a true hole that real-world attackers can exploit, and close that gap immediately.

Today's organisations are stretched so thin, and threat vectors evolve so quickly, that many cannot make this determination on their own. Even if you can do everything else in-house, it often pays to have a third party do this portion of the assessment for you.

To learn more about security assessment and penetration testing, or to see whether Security as a Managed Service is a good option for you, please contact us at [email protected] or (416) 429-0796 or 1.877.238.9944 (toll free).

