Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed.
Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in today's threat landscape.
While there is much to be gained from a single snapshot, additional value can come from long term data collection and year over year comparisons. We can see whether the effects that recent trends have on pen testing are long term, or simply a temporary shift, and how they affect the continuing evolution of penetration testing. For instance, 2020 saw a massive influx of remote work.
Unfortunately, the convenience of working safely from home increased the risk of a breach as countless new attack vectors opened up, both from the way employees connected to networks, as well as the devices they connected. VPNs, whose purpose is to ensure a secure connection, became a popular target for attackers.
Additionally, phishing attacks also surged as threat attackers took advantage of a global crisis, knowing employees were more prone to open emails that seemed to offer information about the pandemic.
A year full of such upheaval may be full of anomalies, or it could be the beginning of a permanent shift. Will organizations return to in-office work, or will network pen testers need to assume that the security perimeter includes the homes of employees?
Organizations may only need to temporarily prioritize social engineering penetration tests they have third parties run, or they may need to consider a long-term strategy, like having their internal security team use a pen-testing tool to run regular pen testing simulation campaigns.
In order to track these changes year over year, Core Security, a HelpSystems Company, is launching the 2021 Penetration Testing Survey.
Comparing the results with those of last year's inaugural survey will help show the true impact that 2020 had on the organization's pen testing behaviors. It will also provide data for analysis and insight to show the influence these new trends have on the years ahead, as well as the general evolution and advancement of the penetration testing field.
If you are involved in pen testing in your organization, we want to hear from you. By participating, you will be joining a community of like-minded cybersecurity experts in discussing ethical hacking program effectiveness and the resources required to deploy them.
Want to take part in this anonymous survey that will provide valuable research findings on pen testing? Take the survey now.