We build our houses with the intention of them surviving the storm. Likewise, we build our IT and security systems with the intention of them withstanding a cyber attack.
But the question remains - do we test them, or do we make assumptions and live with a false sense of security, just like in the fable of “The Three Little Pigs”?
The reality is that the big bad “hacker” wolf will turn up eventually to “huff and puff”. The question is - do you KNOW what that would do to your house?
Today, with one-click pentesting software, you can test on demand. It’s a shame not to give it a go.
A lot of respect and appreciation is due to today’s medical staff, there’s no doubt. But I would argue that we owe just as much to the cybersecurity teams keeping our businesses, economy, and in a sense, our livelihood, protected.
I call them Corporate Patriots™ - and they deserve our appreciation, gratitude, and respect during these hard times. The CISO’s role is one of the most difficult ones in the world. It’s a job for survivors.
During these pandemic days, the gap between the CISOs’ tasks and the means they have to perform them is reaching an all-time high. More attacks and more attack surfaces, with less budget and less staff. When you pile on the WFH challenges, I believe we can agree that this Cybertoon is actually an understatement of their realities.
It’s a zoo, some say it’s a jungle - there are more than fifty penetration testing tools and utilities that one needs to master to become a seasoned almighty pen-tester.
That would be fine if it could scale, but unfortunately - it can’t. Today, manual penetration testing is still an expensive, point-in-time, limited-scope exercise.
It is time for automation. It is time for one platform that runs penetration testing with a few clicks and hides all this complexity and inter-tool information passing. It is time for a solution anyone can use continuously to conduct a week’s worth of pen-testing in an hour.
It is time for PenTera.
Millions of self-quarantined employees are as productive as ever with extended and scaled Zoom and VPNs. However, it’s too soon to announce ‘business as usual’ without addressing the additional attack surface gained as a result. This is increasingly true in the case of combined home-work computers.
Corporate firewall and anti-phishing security controls rarely apply, home routers are ungoverned, browsers hold sensitive passwords, and kids and adults alike are being targeted daily with phishing campaigns through email and websites. A possible outcome is that an "owned" computer transforms the VPN into a magical back door to the organizational network.
The most important thing to do is to test and test again - to determine and prioritize the controls required to harden the environment of a workforce working from home.