Penetration testing is so important for businesses today. Almost every day we see companies in the news after the result of a big hack. The aftermath is ugly – lawsuits, loss of trust, downtime and, in many cases, the hacked entity finds itself out of business.In a recent interview with an IT management firm, I was told that many of their customers (mostly SMB) didn’t want a penetration test because they knew they would fail. I see this same reaction in larger companies as well.
This fear of failure is the wrong way to look at penetration testing. At Raxis, we say it all the time, “You can’t fix what you don’t know is broken.” Penetration testing should not be looked at as something that points out your failure; rather it should be embraced as something that helps you get better.
Vulnerabilities are common
We see many of the same vulnerabilities across the nation. Many of them are simple to remediate. Most of them have escaped the attention of the IT team for any number of reasons, but most of all because the IT team is simply busy. Most teams are over worked and under staffed. The workload is high. As a security professional you have to get it right 100% of the time – however, the hacker only has to get it right once.The fear of failing is misplaced. Almost every penetration test will show vulnerabilities or, at the very least, likely attack vectors that could be exploited given more time. Finding vulnerabilities should not be seen as a failure but rather as a responsible approach to better security.
Penetration testing should be about partnership
A penetration test is a valuable tool to help a security team more efficiently locate vulnerabilities, and, if you’ve partnered with a good company, it will offer remediation recommendations helping you efficiently fix the vulnerabilities.A good penetration testing company offers insight and help, not a judgment.I like to call our penetration tests an assessment. That’s truly a better word. We don’t test our customers as much as we partner with them. Raxis is the watchful eye that helps your company stay out of the news. We help you safeguard your data, and we help you maintain trust with your customers.
Penetration testing should be a holistic approach
When a hacker looks at your company, they are taking a holistic approach, and they are going to go for the easiest method with the least amount of risk that they can find. Common attack vectors include:
- Social Engineering
- WiFi Systems
- Internal and External Networks
- Mobile Applications
- Web Applications
- API’s
Each of these areas allows escalation to others. While often viewed as independent systems, the reality is that a weakness in one often leads to a breach in another.Security is hard. This is why it’s so important to partner with a reputable penetration testing company that you can trust. I urge you to not look at penetration testing as the enemy but rather the relief you and your team so desperately need.Learn more about how our penetration tests work.
