60% of respondents to a recent survey on penetration testing conducted by Informa Tech said that pen testing provides "limited test coverage" or leaves "too many blind spots". 😎
Another 47% are concerned that testing "looks only at known assets, rather than discovering previously unknown assets." 🔎
Is pen-testing dead❓
Rob N. Gurzeev discusses this in his article at Toolbox.
Attackers will target the easiest to exploit and most lucrative access points by looking and finding those assets that are not covered by the pen tests. ☠️
Unfortunately, the pandemic has shown us many examples of exploitation of home-working-related assets with low levels of protection that have not been pen-tested. 🛋
Also, the Digital Transformation initiatives and the fast move to the cloud mean that a significant portion of an organization's attack surface is not known to their security and their IT teams. ☁️
Is your security posture based only on the assets that you are aware of? 🤔
Are you discovering your entire attack surface and testing it at scale? 🤔