As an information security company, we are regularly asked this question during scoping calls. In fact, we’ve put the question back to customers, asking when they last conducted a pen-test. We’ve heard many responses, from ‘6 months ago’ to ‘we conduct pen-tests regularly’ to even ‘it’s been a while’. So, what is the right answer?
We thought this blog might come in handy for you.
A penetration test, or pen test, is an ethical form of cyberattack performed on a computer system, web application or network to find security vulnerabilities that an attacker could exploit. Pen tests and vulnerability scans should be performed on a regular basis to identify and remediate any vulnerability that could be exploited by a cyber-criminal. Here are 5 differences between a pen-test and a vulnerability scan.
We recommend that level one pen tests are conducted on a frequent basis: every quarter, or at least every 6 months. An advanced penetration test should be performed on an annual basis. This is critical for regulatory, legal and compliance reasons. We help many businesses with their pen-tests and vulnerability scans; have a look at our services.
If changes have been made in your environment (for example, a new web application has been added, you’ve just applied security patches or you’ve changed office locations), we recommend that you conduct tests and scans after these changes have been completed. Networks and computer systems are dynamic, so they must be tested and retested.
Company size & Budgets:
With great power comes great responsibility. If you are a large business, your big data will be viewed as a target by many cyber criminals. You need to take responsibility and test your systems frequently to identify vulnerabilities and mitigate the risks that can affect your business.
If you are a Small or Medium-sized Business, you might think that you are not a target, but you may be surprised to learn that SMBs are vulnerable to some of the same threats as large businesses. ‘With 57% of SMBs facing increased cyber attacks in 2018, criminals are on the hunt for vulnerable programs.’ — Barkly, 2018.
That is exactly why regular pen-tests need to be conducted. Here is our security blog for small and medium-sized businesses. Have a look!
Security budgets are a big concern for businesses, big or small. Pen-tests and vulnerability scans can be expensive, especially if you have a small budget or your budget has run out. That is why it is recommended to consult a third party on the best approach; they can help plan a project that will be cost-effective for your business.
We do not want to preach about security, but we want every individual in an organisation to practise it. If you would like to speak to our subject matter experts for further advice, call us: 1800 903 552 or e-mail us.