Penetration Testing: Why Internal Security Could be More Important than External.
In the age of big data, information is incredibly valuable, which is why for many businesses IT security is paramount and in many cases surpasses in importance any physical measures a company might take. Property can generally be replaced without issue with the right insurance in place, but data is sometimes irreplaceable, and in a worst-case scenario it can be lethal to a business in the wrong hands.
Last year, for instance, a Ponemon study put the average cost of a data breach to a company at $3.5 million. This was a 15% increase on the year before, with no sign that the upward trend will stop.
Penetration testing, then, is an authorised and aggressive attempt to exploit any vulnerabilities in a system, so that they can be found and fixed before a real attacker uses them and causes these potentially significant losses. Once identified, the weaknesses can be rectified, increasing the security of the system. There are roughly two aspects to this: internal and external testing. External testing is as it sounds: it probes the perimeter defences, looking for the ways a malicious attacker could get in in the first place.
However, the second, internal component of penetration testing might just be the more important of the two. There are two reasons for this.
The Threat From Within
Firstly, you can have the most effective external defences, but this counts for little if you are vulnerable to attack from within. Employees, contractors, and anyone else with access to the system have the potential to do considerable damage. However trusted they may be, it is simply not worth giving them free rein. Indeed, many experts believe that employees are the most significant threat to data security. White box testing is generally the way this is tested thoroughly: the company carrying out the simulated attack is given the same access and information an insider would have, such as a standard user account and knowledge of how the network is laid out, and then tries to reach data and systems that account should not be able to touch.
Secondly, once the external measures have failed and an attacker has gained access, it is the internal security that protects data and resource access. Such an attacker will frequently operate as a normal user, using the privileges of whatever account was compromised, so internal testing asks the same question: how far can an ordinary user get? If internal security is effective enough, even a perimeter breach is likely to do little real damage.
Ultimately, both external and internal testing are critical to maintaining a high level of security, but it is the internal side that could well be the most dangerous, because systems change and new access is granted faster than every user keeps up with the latest in IT security practice.