Penetration Testing: Protecting Your Company the Right Way

Just as doctors must probe their patients to uncover hidden maladies or diseases, so too must companies probe their networks, systems, applications, and web assets to uncover weaknesses that are open to hacking. The practice is called penetration testing, or pen testing for short. As with all issues relating to security, there are optimal ways of conducting pen tests and less-than-ideal ways.

Scope of cybercrime

Hardly a day passes when a report of major cybercrime doesn’t dominate the news. But just how big is the problem? According to a recently released report from Cybersecurity Ventures, experts predict that by 2021 cybercrime globally will cost $6 trillion annually, or twice what it was in 2015. Astonishing as that prediction is, it’s even more remarkable to consider the wealth transfer to bad actors that occurs and the benefits of innovation, investment, and risk taking that go largely unrealized. Like a rug being pulled out from under companies, the losses are not only large but devastating to their future viability.

Aside from the direct losses from cybercrime, we must also add to this figure the direct costs enterprises incur to fight cybercrime. According to Gartner, we currently spend $86.4 billion on fighting cybercrime, and they project that number to reach $1 trillion between 2017 and 2021. Not factored into this amount is the burgeoning juggernaut that is the Internet of Things and its related technology cousins.

You get it: the problem is huge and the costs enormous. All we need to do is put the best and brightest cybersecurity employees to work. There’s a catch, however. According to Cybersecurity Ventures, unfilled cybersecurity jobs are expected to top 3.5 million by 2021, severely impeding companies’ ability to effectively secure their enterprise.

As the Internet continues to explode in content and systems, the number of Internet users is exploding as well. According to Cybersecurity Ventures, six billion people will be on the Internet by 2022, approximately 75% of the world’s population, up from 3.8 billion in 2017. With more Internet users come more potential openings for attacks.

Most insidious of the more recent cybercriminal tactics is ransomware. Up from $325 million in 2015, the cost of ransomware attacks exceeded $5 billion in 2017 and, according to Cybersecurity Ventures, will rise to $11.5 billion by 2019. It predicts a ransomware attack will hit every 14 seconds, something that should keep CIOs and their security teams up at night.

This world of constant attacks is the new normal. Treating security as an afterthought rather than as central to an enterprise’s DNA sets out a welcome mat for hackers and invites them in with an extra set of keys.

Want to minimize your organization’s slice of the $6 trillion in cybercrimes? Download the rest of this article to learn:

  • The scope of cybercrime and other issues requiring rigorous pen testing
  • Types of pen tests
  • Expectations and responsibilities of pen-testers
  • Generally accepted best practices for pen-testing
  • Top tools to assist with pen testing
  • Considerations for performing pen testing by internal staff or an outsourced firm

Download the article for free here.