Jason Hill, Director of Strategic Services, was featured on the AlienVault blog.
Do I Need a Penetration Test?
When most people think of a security breach, they think of some pimply-faced teenage genius sitting in a dark basement, furiously hacking away at their infrastructure, trying to gain access. Often, they will turn to a security vendor to test for this very scenario; this test is known as a penetration test.
I cannot tell you how many professionals consider this the de facto (and sometimes only) test of their security. Unfortunately, taken alone, it tests the wrong thing. In the recent Cyber Security Intelligence Index, IBM found that 60% of breaches occur from insider threats. That means that 60% of the time, your data isn’t stolen by someone breaking into your network; you gave them the keys.
Don’t get me wrong: a penetration test absolutely has its place in a holistic security program, but a security program it is not. The insider threats statistic mentioned earlier doesn’t necessarily mean your organization is full of individuals waiting for the right time to sell your intellectual property to your biggest competitor; it means that the breaches that occurred were a result of insider action.