Skip to main content

Reasons Pentest is inevitable for invisible security

07.Aug.2018
Outpost24
Penetration testing
Knowing your weakness is the best defense. Penetration testing involves running simulated hacking exercises against corporate networks, systems, and people to find out if they are vulnerable to an attack. Also called “white hat hacking” and “ethical hacking,” it is the process of allowing security professionals to hack your company like a malicious hacker would do to help uncover security weaknesses.
In this 2-part blog series, our in-house security experts gaze into their crystal ball and predict what may lie ahead on the threat landscape and cybersecurity industry next year

Technology and hacking trends, Martin Jartelius, CSO Outpost24

  1. As GDPR continues to gain momentum, we will see a perceived rise in the number of reported breaches. However, we will be uncertain if this should be attributed to an increase breach disclosure or an increase in actual breaches, or that breaches against personal data have become financially attractive.
  2. Everyone will need a security expert. Everyone will need a team of application security specialists. But they can’t have them, because “the market” is drained and companies will continue to struggle with finding skilled security staff. This gives rise to the proliferation of MSSPs and consultancies, but also a shift to focus on usability and decision support in security technology, enabling non-security experts to make educated decisions based on advice by their support systems.
  3. Organizations will keep talking about defense in depth but keep building a wall around their perimeter and leaving a very soft network inside. 
  4. As technical security measures continue to make it harder to breach organisations, phishing will continue to rise, and organizations will keep claiming user responsibility for insecurity and gullibility as the problem, however it will still be down to not hardening workstations and internal networks.
  5. We will see an increased focus on supply chain breaches in web applications due to the substantial success of those attacks in the last year. These attacks differ from normal supply chain attacks as instead of targeting code in the manufacturing line, as components are loaded cross domain and across organizations, the website security or large organizations will be broken based on their dependency on small organization.
     

Looking for anything in particular?

Type your search word here