A New Year’s Cybersecurity Resolution: Be Proactive

Posted by Kevin Hutchinson, CISSP on Dec 22, 2021 1:18:07 PM

As 2021 comes to an end, it has been a year like so many others: filled with challenges and opportunities. The biggest challenge of the year, and likely of the coming year, is the Log4j vulnerability. As companies around the globe struggle to assess the impact on their organizations and their customers, along with the resulting mitigation challenges, a new opportunity arises.

The new opportunity: Be proactive.

The Log4j vulnerability, like so many other vulnerabilities, arose as a zero-day threat. Realistically, there is no way to safeguard your organization against these types of threats, and resolving this type of threat will remain reactive. So, how do you protect your organization from other threats? Be proactive!

Looking forward to 2022, we at IGI Cybersecurity are shifting our approach as an industry leader in cybersecurity. We are going to help shape our customers’ approach toward cybersecurity from being reactive to being proactive. The typical approach in most organizations is to conduct a penetration test once a year, and this is generally done reactively, to meet a compliance or regulatory requirement. The issue with that approach is that 11 months pass before you test your network again to determine if it is vulnerable.

If you think an annual penetration test is enough, ask yourself if any of these activities have transpired since your last penetration test:

  • Have I added or changed any of my perimeter defense hardware or software?
  • Has my network configuration changed since my last pen test?
  • Have I introduced any new software into the organization?
  • Have I changed MSPs?
  • Have any people joined or left the company?

If you answered “yes” to any of these questions, then you may have introduced a new attack vector for threat actors. At best, you will find out about it when you conduct your next penetration test and maybe that is nine months away. At worst, you find out after your network is compromised.

Proactively conducting a penetration test on your internal and external network every quarter, or every month, significantly reduces the risk you face because it addresses the potential problems before they become a long-term exposure. Don’t get me wrong, I am not saying that penetration tests are a “silver bullet” because they are not; however, they are an essential and fundamental component of any comprehensive cybersecurity strategy. Testing your environment more often leads to issue discovery sooner, which in turn should translate to issue resolution sooner.

To quote an almost 200-year-old adage from Benjamin Franklin, “An ounce of prevention is worth a pound of cure.” Being proactive is that ounce of prevention. So, in 2022, let’s make a collective resolution to be more proactive than reactive in our cybersecurity to lower the risk of attack and protect our valuable information.

If you want to learn more about IGI penetration testing, contact us or visit our website.