Following on from article one of the benefit of penetration testing to businesses:
We in the West might be tempted to think the Saudis failed to detect the listening device planted in their consulate because they are not a technologically advanced nation.
Really?
What about Germany?
It does not get more technologically advanced than Mercedes and BMW.
In fact, Germany and Switzerland are the only two countries in the world where everything works.
Yet, the email, and phone of the German Chancellor and many German politicians were hacked.
How could that be?
Well the Germans got faked out.
They felt they were too technologically advanced to be hacked.
They did not do penetration testing to test the ability of their system to withstand cyber attack.
Without penetration testing, no organisation can be certain that their network can withstand cyber attack.
I am not suggesting that penetration testing provides hundred percent guarantee that a network will never be hacked.
What penetration testing does is identify system vulnerabilities that could be exploited by hackers.
In addition, it’s the reason penetration testing has to be done periodically.
Penetration testing should not be an event.
Penetration testing needs to be part and parcel of the cyber security countermeasure of every organisation.