Malicious attacks against corporate assets have risen 64% in 2015 compared to 2014. As new solutions are brought online, security is often an afterthought. For example, a recent study found that 33% of companies did not test mobile applications for security vulnerabilities. Hackers looking for the next zero-day exploit constantly scrutinize existing technologies; these technologies require periodic security testing to maintain their integrity.
Having a machine scan your servers is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked. Human testers can learn how an environment works and create attacks even more sophisticated than those of criminals.
The four areas that should be addressed periodically are:
Applications – Penetration testing and source code review to identify vulnerabilities in web, mainframe, terminal, middleware and mobile platforms.
Network – Penetration testing of internal, external, wireless and other radio frequencies.
Hardware – Verifying the security between the physical and digital realms by testing internet of things, wearable devices, point-of-sale systems, ATMs, automotive systems and self-checkout kiosks.
Human – Performing simulations of phishing campaigns, social engineering, ransomware, and physical security violations to determine testing priorities, document remediation requirements and enforce security policies.
Taking these steps will provide companies with a better view into the efficacy of their current security posture and steps needed to enhance it.