Regular penetration tests, unfortunately, do not guarantee you won’t be hacked. In fact, if a firm offers you any sort of guarantee with regard to the results and your susceptibility to a breach following an assessment, this should be a red flag. While we can’t give you a penetration test guarantee that you won’t be hacked, we can guarantee you are getting the highest quality assessment. And you’ll definitely better understand your risk of a data breach, allowing you to take the appropriate action to better protect your organization.
Why can’t you guarantee I won’t get hacked?
Great question. Penetration tests are meant to act as a point-in-time assessment of your organization, based on the provided scope of targets. As technology constantly changes, so do the attack techniques and tools of hackers. Additionally, new vulnerabilities are constantly uncovered that could potentially lead to successful exploitation. For example, your penetration test could have been completed yesterday, but a new vulnerability was discovered today. If that vulnerability is present on your network, well, you see where I am going with this…
Furthermore, a penetration test is bound by the constraints of the assessment, including any rules of engagement and the time allotted for the assessment. For example, if we are launching a password attack on your network but only have a limited testing window, we are restricted as to the number of attempts that can be executed. In the real world, an attacker has no time constraints and can run attacks until they achieve their desired results.
Finally, real networks are constantly changing. New systems are introduced, existing systems are updated, and hosts are decommissioned. All of these things can change your network’s security posture and introduce new vulnerabilities.
How can I help protect my assets in between penetration tests?
The first step is to review the findings of your most recent penetration test and implement the suggested fixes. This will help ensure all of the known vulnerabilities are addressed. Secondly, you can look to implement or continue to leverage ongoing vulnerability scanning in between penetration tests to assist with finding and fixing new vulnerabilities. Vulnerability scanners are constantly being updated to catch new vulnerabilities.
At Triaxiom, while we cannot give you a penetration test guarantee that you will be 100% safe from an attack, we can guarantee that we will use all of the tools and techniques available to us during your assessment to ensure we are providing the highest quality and most holistic assessment we can. We want to partner with you and assist in any way we can to help you fortify your security posture and prevent you from becoming a breach statistic.