GUEST ESSAY: Here’s why penetration testing has become a ‘must-have’ security practice

By Abhishek Kokate

A reported loss of $171 Million. Huge sum, right?


Yes, and that is exactly what Sony lost when it was hacked and the personal information of every one of its customers leaked in 2011. This made the news because Sony is one of the biggest names on the planet. Every second, even while you are reading this article, a hacker is trying to break into a site.

Many breaches never make the news, many companies close down, and many are not concerned at all because they think they are safe. I am sure you do care about your site and digital assets, and that is why you are here; thank you for being here. Let us run you through the various aspects of penetration testing, or pen testing, and why it is a critical component of protecting a company’s network.

A pen test is a simulated cyber attack on your systems to identify the weaknesses that attackers could exploit. The targets can be applications, IoT devices, networks, APIs and so on.

Now, let me give you a few reasons why pen testing has emerged as a “must-have” security practice.

Risk. Not all risks are equal; some are potentially more damaging than others. After the penetration test, you can shortlist what you want to tackle first, based partly on a risk assessment of the pen test results and partly on how many resources you are willing to allocate.

Reinforcing positives. A pen test can also highlight what your company is doing well. Once you know your strengths, you can allocate time and resources to strengthening your weaknesses. For example, your website security may prove strong while your applications are not so strong; now you can focus entirely on the applications.

Strategic positioning. A pen test can inform and help clarify security policies and strategies. You can communicate to clients how much cybersecurity means to you, which will make you stand out in their minds as a partner that treats security as its first priority.

Configuration management. Companies face a challenge in identifying whether applications have been poorly configured. Are they up to date? Are the credentials up to date? There are many questions like these that a penetration test can answer.

Compliance and governance. Healthcare companies must follow HIPAA rules; retailers must comply with PCI DSS. There are many compliance requirements depending on the industry you work in. An annual pen test can streamline compliance.

Business continuity. What would you do in case of an attack? How would you keep the business running? Most companies do not bother to have a business continuity plan. Regular pen testing provides the opportunity to update that plan, identify your backups and confirm your ability to restore capacity.

Data protection. Every company has data that can be classified as critical, meaning that if anything happens to this data, the company is on its way to its downfall. This has happened to companies like Travelex, which was the biggest money exchange on the planet. A pen test helps secure this data so that, in case of an attack, it stays out of the attacker’s reach.

Senior management buy-in. Pen testing produces hard metrics: numbers, data and statistics. Senior executives understand metrics. Once they are shown how investing in pen testing helps them stand out against their competition, they will be more than ready to invest.

Proactive defense. Pen testing prepares you for inevitable attacks. Offense is the new defense. Pen testing can help you anticipate and deflect the most active attacks of the day, and continually strengthen your security posture.

About the essayist. Abhishek Kokate is a client advisor at Briskinfosec. Apart from cybersecurity, he loves to create written, visual and audio content. He is a passionate speaker and a toastmaster.
