Is an annual penetration test really necessary?

Published: 13 March 2024

‘Is there a need for an annual penetration test?’ is a question I used to be asked on nearly every customer engagement in years gone by. However, since the insurance industry has all but mandated that an annual penetration test be undertaken, it has become a far less frequent discussion. Nevertheless, it is an important one to have.

Firstly, a primer on penetration testing. It is the act of a skilled cyber security professional attempting to identify, exploit and document weaknesses within an organisation’s systems and platforms. These vulnerabilities arise for a variety of reasons, most commonly:

  • Unpatched or out-of-date software and components
  • Misconfigurations that grant access that should not be permitted
  • Weak (easily guessed) or leaked passwords
  • Default username/password combinations left enabled

The risk of these vulnerabilities is that they can lead to unauthorised access, data exfiltration, data destruction and the most common cyber crime – ransomware. Penetration tests are designed not only to look at the outside of your infrastructure as the rest of the world sees it, but also to thoroughly test the inside portion of your network – essentially the “trusted” side of your IT operations, where much of the valuable data and other assets reside.

A periodic test is highly recommended to ascertain whether there are any gaps that need reviewing and ultimately resolving. Whilst many organisations do a great job of continuously updating and maintaining their IT estate, an enormous number of vulnerabilities are released over a given year that affect everything from Windows machines through to network devices and even smart devices placed on to networks; all of these present a risk. Conducting an annual or six-monthly test is a great way to keep on top of them and maintain a good cyber security posture. Equally, most cyber insurers will require at least an annual penetration test as a condition of retaining valid insurance.

Ultimately, without conducting periodic testing and knowing your starting point, there may be threats present that you simply don’t know about.

Written by: Simon Barnes, CTO.
