Understanding the value of penetration testing


October 18, 2013

When a company goes about testing its cybersecurity systems, it has a few options to choose from, but the type that may provide the most insight into how well a business responds to a cyber threat may be a penetration test.

Different from a standard security audit, penetration testing goes the extra mile to determine how exactly a system will respond once a hacker exploits a vulnerability.

A recent article in Forbes outlined the many reasons businesses are opting to undergo penetration testing, and what value these organisations derive from it.

Eric Basu, a Former US Navy SEAL and CEO of a cybersecurity defence contractor, wrote that one of the most common reasons for performing a penetration test is to make note of all higher-risk vulnerabilities that may only surface after several lower-risk vulnerabilities are exploited in a certain pattern.

Penetration testing is also great for seeking out any vulnerabilities that could be laying in wait among automated networks, and will only be discovered in the event of an actual breach.

The solution is also ideal for getting a grasp of how devastating an attack could be, testing how well network defenders respond to any particular form of attack and meeting any compliance measures, such as PCI DSS.

“As is apparent, there are many reasons penetration testing is conducted. Defining the scope and nature of a penetration test is largely dependent on what the drivers are for an organization, which will determine the stated goals going into an engagement,” Mr Basu wrote.

Penetration testing should also occur frequently. While it was once believed once or twice a year was acceptable, this frequency has increased in recent years as the threat of cyber attacks has become more pronounced.

Leave a Reply

Your email address will not be published. Required fields are marked *