What Should You Really Be Penetration Testing?

by Sarah Harvey / November 6th, 2019

What is Penetration Testing?

Pen testing is a valuable investment for any organization ‚Äď it‚Äôs a critical line of defense used to protect and secure your sensitive assets from malicious outsiders. But for organizations that have never undergone pen testing, or for those who have never even heard of penetration testing before, it‚Äôs understandable why you would have questions like: What is pen testing? What parts of my organization should be undergoing penetration testing? Who should I hire to perform my pen testing? In this webinar, KirkpatrickPrice‚Äôs President, Joseph Kirkpatrick, will answer these questions and more.

Penetration testing is a form of permission-based ethical hacking in which a tester attempts to gain access to an organization’s people, systems, or locations. The purpose of pen testing is to find vulnerabilities that could potentially be exploited by a malicious hacker as part of your ongoing risk management practices. However, often times, either out of ignorance or deceit, we see firms pass off vulnerability scans as penetration testing. Let’s be clear: vulnerability scans are not penetration tests. Vulnerability scans are great for discovering low-hanging fruit, but they should not be confused with an advanced, manual penetration test. Vulnerability scanners are only capable of matching patterns and definitions and are unable to find flaws that require human logic and comprehension. This is why investing in penetration testing, in conjunction with running vulnerability scans, is necessary.

Which Assets Are Vulnerable?

In order to know what your organization needs to pen test, you need to identify which assets in your organization are susceptible to cyberattacks and the financial, reputational, and legal implications if those assets were to be compromised. Assets that your organization should consider pen testing might include:

  • Call Center
  • People
  • Records Facility
  • Internet of Things
  • Corporate Office
  • Data Center
  • Wireless Connections
  • Externally Facing Applications
  • Internally Facing Applications
  • Mobile Applications
  • Computers

Ultimately, your organization should be penetration testing any asset that you want to make stronger. If you’re ready to embark on your pen testing journey, watch the full webinar to learn more or contact us today to speak to an Information Security Specialist.