A recent study conducted by the Ponemon Institute reported that the average cost of a data breach for the affected company is now $3.5 million. Costs associated with the Target data breach that occurred in 2013 reached $148 million by the second quarter of 2014. With security breach headlines making the news every day, how can you protect your enterprise? Two words: Pen Testing.
What is a Pen Test?
A Penetration Test, or Pen Test for short, is designed to answer the question, “What is the real-world effectiveness of my security controls against an active, human attacker?” It goes beyond uncovering vulnerabilities and actively exploits them in order to prove or disprove that a real-world attack is possible.
When should a company do pen testing?
A company should do pen testing if:
- They take credit card information
- They have any sort of customer data or hold PII (Personally Identifiable Information)
- They have intellectual property data
- They have concerns about their network security
- Any kind of data leak can hurt the company
Why should a company do pen testing?
Pen testing checks whether your security policies are effective in the real world and uncovers vulnerabilities within your network or security policies. Pen testing reports can also be used to train staff to deploy more secure systems.
If developers are able to see how an outside attacker broke into an application they helped develop, they are able to avoid making similar errors in the future. Pen Testing can also give security personnel real experience in dealing with an intrusion.
How often should a company pen test?
Generally, annual testing is suggested, but it can be more frequent if required by regulatory standards. Also, you should perform a Pen Test if:
- New network infrastructure or applications are added
- Significant upgrades or modifications are applied to infrastructure or applications
- New office locations are established
- Security patches are applied
- End user policies are modified
Real-world security matters most when it concerns your data, network, and business. If you haven’t been exposed to Pen Testing, your first few tests will probably deliver some shocking results and that’s normal.
Riptide Software performs Pen Tests internally to ensure our systems and applications are up to external security threats. If you are looking for Penetration Testing for your application, IT infrastructure, or website, reach out to us.