Breaches are widely observed in the healthcare sector and can be caused by many different types of incidents, including credential-stealing malware, an insider who either purposefully or accidentally discloses patient data, or lost laptops or other devices. Personal Health Information (PHI) is more valuable on the black market than credit card credentials or regular Personally Identifiable Information (PII).

A complete security program involves many different facets working together to defend against digital threats. To create such a program, many organizations spend much of their resources on building up their defenses by investing in their security configuration management (SCM), file integrity monitoring (FIM), vulnerability management (VM) and log management capabilities. These investments make sense, as the resources listed above can all help protect the organization.

Penetration testing, often called “pen testing” is one of several techniques used to verify cybersecurity posture and provide a level of assurance to the organization that its cyber defenses are functional. It’s a way of testing defenses against an adversary who mimics a cyber-criminal actor.

I’m a red teamer. I do work similar to pentesting and use many of the same tools. This year, I’ve added several tools to my toolbox. I’ll introduce them to you below and hope you find them valuable, as well.

Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing. Pen testing is vital for any kind of organization with an IT system or website. A recent survey of penetration testers revealed that 88 percent of those questioned said they could infiltrate organizations and steal data within 12 hours.

We at Bulletproof provide a range of different cyber security services, including penetration tests, managed SIEM, and compliance consultancy. Though undoubtedly the most interesting (and cool) service we offer are our red team assessments.

Nowadays, high-profile security breaches continue to dominate the media headlines. This trend places an increasing number of businesses at risk. They are growing in amount and complexity while malicious hackers are actively developing new and more sophisticated forms of attacks every single day.

You’ll often find that ‘vulnerability scan’ and ‘penetration test’ are wrongly used interchangeably, creating confusion about which is the right security choice for businesses. Broadly speaking, a vulnerability scan could be thought of as a surface-level security assessment, whereas a penetration test delves that much deeper. In fact, penetration testers often make use of a vulnerability scan as part of their process.

Last week, we spoke about the common issues that come up throughout a penetration test. We left out what many of our penetration testers think of as the ‘biggest issues’, however, as the finished article rivalled Dickens at his wordiest. Still, they’re definitely worth raising, as some of the most common issues that emerge from a penetration test don’t involve misconfigurations, vulnerabilities or hacking of any kind.

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis and are required by standards such as PCI, HIPAA and ISO 27001.