The power of penetration testing in boosting cyber resilience


CaptureIt seems that every week there is another zero day exploit doing the rounds. Software patching and updates are becoming increasingly frequent, and the rise of mobility is further weakening the business world’s cyber attack surface. Traditional defences can no longer provide the protection needed. Organisations need to become resilient to adapt to these new and emerging threats.

Cyber security resilience involves more than just the prevention or response to a specific attack. It also takes into account the ability to operate during, and to adapt or recover, from such an event. This goal requires cyber risk management, and not one, but many cyber security measures.

Traditionally, companies have focused on protection against specific cyber attacks. In today’s digital environment, however, a resilience-based approach to threats is more effective for organisations wanting to adapt to change, reduce exposure to risk, and learn from incidents when they occur.

Due to the growing interconnectedness that comes with new and emerging business technology, improving the resilience of one organisation can be a small step in improving the cyber resilience of all. The same goes for the disparate departments and operations within a single business. Once a unified, company-wide approach to security is established, there will be fewer points of vulnerability to exploit.

According to CERT Australia, the government’s national computer emergency response team, modern organisations must layer security defences for their IT systems to reduce the chance of a successful cyber attack.

While the installation of traditional security software, including a firewall, anti-virus, and anti-spyware remains an essential first step to cyber security, these safeguards alone are no longer enough to adequately protect an organisation from potential threats.

Instead, businesses should manage risk with multiple defensive strategies, so that if one layer of defence turns out to be inadequate, another layer can step in to help prevent a full breach. This is known as ‘defence-in-depth’.

The multiple defence mechanisms layered across an organisation’s network infrastructure can protect data, networks, and users. A well-designed and implemented defence-in-depth strategy can help system administrators identify internal and external attacks on a computer system or network.

Building organisational resilience to cyber security incidents also requires constant awareness and action. For an organisation to be prepared before an incident occurs, cyber security needs to be part of its risk management, resilience structures, and planning, and staff need to be trained to use good cyber security practices as part of their daily work… Click HERE to find out more about this article