Brian Wenngatz, general manager at Core Security, a HelpSystems company, discusses the advancement of penetration testing during Covid-19.
Covid-19 threw the spotlight on cyber security like never before. The unprecedented global shift to remote working and subsequent surge in cyber crime drove a priority focus amongst business leaders to ensure a robust cyber security posture across every part of their newly extended network. Many organisations had to make this transition rapidly, which increased the likelihood of misconfigurations and other errors, while the drastically increased attack surface presented fresh cyber security challenges around remote network connections, VPN connections, phishing, and many other types of network attacks.
Ensuring adequate protection against this wave of new security threats facing every size and shape of business became paramount, and challenged CISOs to balance reduced budgets and staff against the requirement for increased technology investment. Within this, penetration testing has played a vital role in ensuring organisational security throughout the pandemic, providing value not only in testing and measuring security posture, but also in identifying and prioritising high-risk security vulnerabilities and ensuring compliance. But have CISOs focused sufficient resources on penetration testing, and have such investments worked to deliver the clear vision for overall cyber security strategy that penetration testing promises?