    How Security Testing Contributes to Enterprise Resilience

    By Evan Morris on April 18, 2022 Business Continuity, Risk Management

    From the COVID-19 pandemic to the Russian attack on Ukraine, there seems to be no letup when it comes to crises affecting the world. Businesses have taken a serious hit from the unexpected turn of events. According to Yelp data, around 60 percent of (initially) temporary business closures during the pandemic have already become permanent. The effects of the Ukraine crisis have yet to be measured, but the observable situation is uninspiring.

    Over the past couple of years, the problem of cyberattacks has hounded organizations of all types and sizes. Cybercriminals took advantage of the pandemic-induced digital transformation acceleration to victimize more organizations, as most of them lacked cybersecurity proficiency. Then the Ukraine-Russia conflict brought about the threat of escalated cyber warfare.

    While the logical response to all the growing risks of becoming the target of a cyberattack is to install security controls, these are not enough. In addition to perimeter and in-app cyber defenses, it is also crucial to undertake security testing as part of an organization’s security posture and overall business resilience strategy.

    Effective and efficient cyber defense means better attack prevention and response.

    A Ponemon study shows that more than half of IT security leaders are unsure if their cybersecurity tools effectively serve their purpose. This is despite the significant amounts they allocate to cybersecurity, which is around $18.4 million per year on average. Many do not perform security validation routines, and many of those that do tend to have ineffective methods or solutions.

    New security testing solutions such as breach and attack simulation (BAS), which identifies vulnerabilities by mimicking the attack vectors or methods used by threat actors, have been introduced to achieve better security validation outcomes. Many organizations are also turning to continuous red teaming and purple teaming to test their systems more systematically and ceaselessly in response to the increasing aggressiveness and sophistication of attacks. All of these help ensure that the cyber protections an organization has are adequate and dependable.

    Organized security tests attuned to the current state of the threat landscape contribute to better organizational resilience by boosting the ability of organizations to detect and repel attacks. Enterprises that are more prepared to handle cyber assaults undoubtedly fare better compared to others that easily fall prey to ransomware, social engineering, and other cyberattacks.

    Resilience, however, is not only about resisting attacks. It also entails the ability to anticipate possible disruptions and recover as soon as possible. When organizations have a sensible security validation system, they become more acquainted with their weaknesses. Even if they are not able to immediately plug the security loopholes, the knowledge of what the weaknesses are allows them to respond better to mitigate the problem, avoid complications, and restore normal operations faster.

    Security testing provides a compelling argument to embrace more advanced solutions.

    A survey on penetration testing conducted by a cybersecurity firm reveals an encouraging realization among organizations. A big majority, at 60 percent, admit they are worried that (traditional) penetration testing has limited coverage and leaves several blind spots.

    Traditional penetration testing refers to mostly manual methods that only involve periodic tests on known attack surfaces. They may cover all security controls, but they do not dig deeper into more complex scenarios. They do not undertake tests based on the most recent cyber threat intelligence.

    These tests rely on the decisions of the human cybersecurity experts conducting the security validation effort. The competence of the team doing the test may not be questionable, but they certainly have limitations on how much work they can do and how precise and extensive they can be with the testing.

    The same survey mentioned above also shows that 47 percent understand that conventional penetration testing only detects known assets and not new ones. Additionally, it reveals that some 45 percent conduct the tests only once or twice annually, and only 27 percent do it on a quarterly basis. Meanwhile, an overwhelming 79 percent say that pen tests are costly, and 78 percent are willing to use more expansive testing if the costs of doing so could be cheaper.

    All of these show the need for a much better system for security validation, something that is not resource-exhausting, time-consuming, or financially burdensome. It is good to know that considerably better systems already exist. As mentioned, automated breach and attack simulation and purple teaming solutions are already available. They can be integrated into multifunction cybersecurity validation platforms that continuously evaluate all the security controls of an organization and generate timely reports and insights.

    Moreover, to take advantage of up-to-date threat intelligence, cybersecurity platforms incorporate cybersecurity frameworks like MITRE ATT&CK, a globally accessible resource for the latest adversarial tactics and techniques. The use of established frameworks systematizes the identification and handling of threats, which results in more effective and efficient defenses.

    Advanced security testing solutions like BAS, continuous red teaming, and purple teaming, together with established cybersecurity frameworks, offer more cost-efficient and more effective ways to go about security testing. They show organizations how things can be significantly better with new technologies and methods.

    Modern security validation helps establish a culture of continuity, constant watchfulness, and collaboration.

    With organizations convinced to switch from conventional to advanced security testing, it becomes easy for them to keep up with trends that radically improve cyber protection. At the same time, they come to realize that it is not impossible to be constantly alert to cyber threats and to conduct continuous security testing, rather than the rare, periodic testing they have been accustomed to. By using the right tools and technologies, security testing becomes more effective, efficient, and suitable for the needs of the times.

    How do these impact enterprise resilience? They raise the bar for what it takes to remain a going concern. Instead of only addressing financial and other business-related challenges, organizations learn to live with the dangers of cyber threats. As demonstrated by the increased cybercriminal activity during the pandemic and the rise of cyber warfare with Russia’s aggression, almost everyone is affected by cyber threats. It only makes sense to be prepared for the consequences.

    Also, the collaboration exemplified by the creation of global cybersecurity frameworks and sharing of cyber threat intelligence serves as cyberspace’s reflection of the kind of collaboration businesses can forge to help each other during times of crisis. Instead of trying to survive individually, businesses can work together and also coordinate with government agencies to adapt to economic turmoil better.

    Aided introspection towards greater resilience

    Security validation or testing with the help of advanced tools provides an effective way for organizations to self-examine, determine their weaknesses, and implement improvements. It makes businesses more resilient by keeping them aware of their deficiencies as the business landscape changes over time. These changes will not wait for organizations to be ready. Organizations need to be the ones adjusting and adapting to new threats while finding ways to mitigate problems and survive.

    Evan Morris

    Known for his boundless energy and enthusiasm, Evan works as a freelance networking analyst and is an avid blog writer, particularly around technology, cybersecurity and forthcoming threats which can compromise sensitive data. With vast experience in ethical hacking, Evan has been able to express his views articulately.
