02 Nov / 2022
In light of growing high-profile cyber security attacks in Australia, a number of organisations and enterprises are looking to improve their cybersecurity penetration testing programs. Gone are the days when the annual vulnerability scan was sufficient - Australian businesses these days need a robust cybersecurity penetration testing program that:
A good cybersecurity penetration testing program will also provide the following:
A note on Cybersecurity Penetration Testing versus Vulnerability Scanning:
A number of organisations can be misguided over the capability of vulnerability scanning and its level of cybersecurity assurance. While vulnerability scanning has a place in an ongoing cybersecurity penetration testing program and cybersecurity strategy, actual testing will determine if the vulnerability can be exploited. A vulnerability scan will pick up on an issue, but without demonstrating that it can be exploited, organisations will not have full understanding of the impact.
The key criteria to address when building a Cybersecurity Penetration Testing program:
If you have a particularly complex organisation, perhaps with a number of compliance measures or mergers/divestment activity, it is likely that you do not have full visibility over your cybersecurity vulnerabilities. A cybersecurity penetration test is a common request as part of due diligence. When we work with our customers to build ongoing programs, we assess the following criteria:
What types of testing should be included?
The types of cybersecurity penetration testing you should incorporate can vary from business to business. The following are examples of the different types of tests that one might conduct:
How often should you be testing?
Typically it is recommended to conduct cybersecurity penetration testing at least once a year which should include internal, external and cloud testing. However, depending on the speed in which your organisation is growing or undertaking digital transformation work - more tests on a quarterly basis (or even higher frequency) may need to be built in. Additionally, if there is merger and acquisition activity, cybersecurity penetration testing in the due diligence phase as well as merger integration phases, is recommended.
As part of a resilient security regime, companies across Australia are advised to run a robust cybersecurity penetration testing program that continually assesses their cybersecurity posture.
Not all cybersecurity penetration tests are the same, and finding a deeply skilled provider is not an easy task. At Cythera we leverage the many cybersecurity tools we have available in our Security Operation Centre, to go way beyond a simple vulnerability assessment, providing our clients with exceptional technical understanding that is not overly reliant on standard ‘out of the box’ automation tools.
Our technical experts intimately understand the perspective of the attacker, which allows them to anticipate where a potential attack vector might be. Sometimes the problem is less technical in nature, and instead could be a logic failure or process bypass that requires a human to step in and provide technical understanding.
Our team is skilled in maximising the impact of your penetration test at the absolute minimum price point through carefully understanding and refining the scope of engagement, sensitivities to any reporting requirements, delivery timeframes and any additional operating requirements.
Meet with the Cythera Cybersecurity Penetration Testing team to learn:
In exchange for your time, and to thank you for choosing Cythera, we will make a $100 AUD donation to one of the following charities of your choice:
Common issues with the ACSC 37 Strategies
Common issues with the ACSC 37 Strategies to Mitigate Cyber Security Incidents The ACSC publication, Strategies To Mitigate Cyber Security Inci…Read More
Redefining Cybersecurity for Australian Law Firms: The Promise of SASE Architecture
Redefining Cybersecurity for Australian Law Firms: The Promise of SASE Architecture The Australian legal sector's increasing adoption of digita…Read More
Common Scenarios Where Organisational Oversight Leads To Key Cyber Vulnerabilities
Common Scenarios Where Organisational Oversight Leads To Key Cyber Vulnerabilities As Australian organisations move into 2024, there's an incre…Read More