The UK version of SC magazine recently published an article of mine on the validity – or lack thereof – of penetration testing.
The explosion of new elements of IT infrastructure – mobile devices, cloud, even shadow IT – is stretching the boundaries of the network further than ever before. Logically, this would suggest that pen testing is now more important than ever, but this isn’t necessarily the case.
The fact is, malware is evolving. In the past, cyberattacks were carried out for fame rather than for damage. As such, they tended to be noisy, generating logs and alerts in their wake, and were therefore easy to identify and quarantine. In today’s threat landscape, advanced persistent threats (APTs) are designed to be almost invisible, silently entering a network and remaining undetected for as long as possible until they contact other machines to surreptitiously send data.
That means that security teams need to focus elsewhere – not on what’s making its way into the system, but on what’s making its way out.