Page 184 - Cyber Defense eMagazine December 2023
The constraints of snapshot-in-time penetration testing
Periodic penetration testing has been a standard practice for many organizations, but is it the best
approach for cybersecurity assessment? One major constraint of this method is that it can only provide
a snapshot of the organization's security posture at a specific point in time. This means new vulnerabilities
arising after the testing period will go undetected. Case in point, according to the 2022 Cost of a Data
Breach report, it takes an average of 277 days to identify and contain a breach.
Another limitation of periodic penetration testing is its reliance on time-based testing, where testers are
given a specified amount of time to identify vulnerabilities. This approach does not account for some of
the more complex and advanced attacks that may require additional time to uncover.
Traditional penetration testing involves manual testing by security experts with varying skill levels. This
constrains the accuracy of snapshot testing, since the results depend significantly on the
testers' capabilities. A single mistake or oversight from the testers can lead to costly breaches.
Lastly, periodic penetration testing offers limited scope when assessing an organization’s entire security
landscape. The manual testing process can only cover specific areas of the organization's network,
leaving other areas untested.
How to embrace continuous cybersecurity testing
While periodic penetration testing can provide a snapshot of your organization’s security posture, it often
fails to account for the dynamic nature of cyber threats. Organizations must continuously test their
security measures to mitigate risks effectively and to identify and neutralize emerging threats in real time.
Organizations can leverage various approaches and tools to implement continuous cybersecurity testing,
such as Atomic Red Team by Red Canary, an open-source library of tests mapped to the MITRE
ATT&CK framework that security teams can use to simulate adversarial activity and validate their
defenses. These tools can help prioritize and mitigate potential cyber-attacks by automating security
testing and providing valuable insights into adversary tactics and techniques.
Endpoint security testing and firewall testing are excellent starting points for implementing continuous
cybersecurity testing. By simulating phishing emails, running PowerShell commands at endpoints, and
monitoring VPN logins at the firewall level, organizations can proactively identify potential vulnerabilities
and mitigate them before cyber attackers can exploit them. Proofpoint’s 2021 State of the Phish Report
revealed that 57% of organizations dealt with at least one successful phishing attack in 2020. These
statistics underline the importance of continuous cybersecurity testing, particularly in the area of
simulated phishing, to detect and mitigate such threats promptly.
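The validation step described above can be scored automatically after each test cycle. The following is an added example, not code from the article or from Atomic Red Team: it matches each simulated technique to an alert on the same host within a time window and reports detection gaps. The record layout, host names, timestamps and the 15-minute window are assumptions; the technique IDs are MITRE ATT&CK identifiers.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article): simulated test runs and the
# alerts the monitoring stack raised. Hosts and timestamps are invented.
TEST_RUNS = [
    {"technique": "T1059.001", "host": "ws-014", "start": "2023-12-01T09:00:00"},   # PowerShell
    {"technique": "T1566.001", "host": "ws-014", "start": "2023-12-01T09:10:00"},   # phishing attachment
    {"technique": "T1078", "host": "vpn-gw1", "start": "2023-12-01T09:20:00"},      # VPN login, valid account
]
ALERTS = [
    {"technique": "T1059.001", "host": "ws-014", "time": "2023-12-01T09:00:42"},
    {"technique": "T1059.001", "host": "ws-099", "time": "2023-12-01T09:01:00"},    # different host
    {"technique": "T1078", "host": "vpn-gw1", "time": "2023-12-01T10:05:00"},       # outside the window
]

def validate_detections(test_runs, alerts, window=timedelta(minutes=15)):
    """Match every test run to alerts with the same technique and host inside the window."""
    results = []
    for run in test_runs:
        start = datetime.fromisoformat(run["start"])
        delays = []
        for alert in alerts:
            if (alert["technique"], alert["host"]) != (run["technique"], run["host"]):
                continue
            delay = datetime.fromisoformat(alert["time"]) - start
            # An alert before the test started, or long after it, does not count.
            if timedelta(0) <= delay <= window:
                delays.append(delay.total_seconds())
        results.append({
            "technique": run["technique"],
            "host": run["host"],
            "detected": bool(delays),
            "seconds_to_detect": min(delays) if delays else None,
        })
    return results

def coverage(results):
    """Fraction of simulated techniques that produced a timely alert."""
    return sum(r["detected"] for r in results) / len(results) if results else 0.0

def gaps(results):
    """Techniques that ran but were not detected in time: the backlog for detection engineering."""
    return [r["technique"] for r in results if not r["detected"]]

if __name__ == "__main__":
    report = validate_detections(TEST_RUNS, ALERTS)
    for row in report:
        print(row)
    print(f"coverage: {coverage(report):.0%}, gaps: {gaps(report)}")
```

Run after every test cycle, the change in coverage and in the gap list between cycles shows whether defenses are improving or regressing between periodic assessments.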
Ultimately, embracing continuous cybersecurity testing is vital to securing your organization and
safeguarding your valuable assets. With the right tools and strategies, organizations can identify and
neutralize threats in real time, stay ahead of the curve, and protect their systems and data from cyber
threats.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.