How Often Should Your Organization Conduct Penetration Testing?

Posted by Melanie Klag on Nov 11, 2019 11:16:12 AM

By now, you should know why your organization needs to conduct a penetration test (if not, read why here). But have you considered how often your organization needs to conduct a pen test? With data breaches on the rise and the ever-changing methods criminals are using to conduct cyber-attacks, having regularly scheduled penetration testing is necessary.

When to Schedule Your Pen Test

Conducting a penetration test is necessary for organizations of every size, but once is not enough. Maintaining a regular pen testing schedule is ideal, but the timing may depend on a number of factors, including:

The size of your organization: The larger your company, the more vulnerabilities your systems are exposed to, because you have more employees and more devices. Plus, you may be seen as a more valuable target for hackers. For the safety of your data, your customers, your employees and your reputation, scheduling a pen test every six months or even quarterly may be ideal.

Compliance laws: Depending on your industry, you may be required to run a penetration test at least once per year. Because you must ensure compliance, know what is required of you. Payment card industry (PCI-DSS) regulations require a penetration test annually and any time your organization has system changes. The Sarbanes–Oxley Act of 2002 (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) mandate an annual penetration test from a third party.

The addition of new systems, locations or infrastructure: Whenever you make significant changes to critical infrastructure, software, networks and/or policies, you may consider running a new penetration test. Adding or adjusting networks and infrastructure could open them up to exposure that was not previously there. A new pen test will unearth these vulnerabilities. Conducting the new test is highly recommended, especially if you are investing a lot of time and money in the new systems, because you will want to ensure their security.

Regularly Scheduled Pen Tests Will Protect Your Company

Protecting your data and your clients’ data is of utmost importance. It is not enough to simply deploy cyber defenses; you also have to test them to make sure they are effective against cyber threats. Pen tests must be run regularly to ensure your defenses can keep up with the advances in malware and cyber-attacks. SubRosa Cyber Solutions will help you keep your penetration testing on a regular schedule.
