We get asked this almost as much as how often should we get a penetration test completed. There are many motivators and moving pieces that can drive the timing of a penetration test. Generally, if you’re asking “when should my company schedule a penetration test” the answer is “now”! Coming up with a regular schedule for these events is important, but if you fall into one of the situations laid out below, it’s important to start the conversation. Let’s dive a little deeper:
- Have you ever had a penetration test completed? If the answer to this is “no”, then we recommend getting a penetration test completed as soon as possible. The initial test will act as a baseline to help you demonstrate an improvement in your security posture over time.
- Do you have specific compliance drivers? Different regulations such as PCI DSS v3.2 and HIPAA require penetration testing on a regular basis. If this is the case, you want to ensure that you are within those parameters to avoid being out of compliance and facing potential penalties.
- Have you recently completed a large infrastructure change? Large technological changes can lead to new technologies being implemented that may have not been thoroughly tested before going into production. We recommend, at a minimum, having a vulnerability scan completed. But a full blown penetration test is the ideal way to ensure we can get a new baseline and ensure your company has not opened themselves up to unnecessary risk.
- Have you recently had a security incident? Following a security breach, once the dust has settled and all of the forensic work has been completed, presumably you have determined how the intruders got in and plugged that hole. However, after fixing the exploited vulnerabilities, there could be others that could be uncovered by a penetration test.
These are what we have found are the main motivators that drive our clients timelines for penetration tests, however there could be other things. If nothing else, having regular penetration testing to identify and prioritize your risks can help you sleep better at night, rather than fearing the unknown. Penetration tests are a lot like insurance, if you do not have one completed, you often times do not see the value in having it until it is too late. Contact us today to learn more and get a penetration test scheduled!