A New Critical Vulnerability Every Half an Hour!

With a record number of new critical vulnerabilities reported every day, an annual Penetration Test, in isolation, is now (or should be) consigned to the history books.

Our own statistics show that, on average, a total of 644 new vulnerabilities of all threat levels were reported every day in the second half of 2020. At the start of August 2020, we were testing 915,510 vulnerabilities per scan; by January this year (2021), we were testing 1,014,123 vulnerabilities.

But the more worrying fact within those figures is that, on average, a staggering 50 new critical or high threat level vulnerabilities are being added to the list every single day! That’s 50 more ways your system can be compromised than yesterday. That’s one every half an hour!

Many compliance standards like PCI-DSS and CyberEssentials+ require organisations to perform annual penetration testing or vulnerability scanning as part of their annual certification and compliance process. Many organisations are now quite used to the process of undergoing an annual vulnerability scan. However, given the statistics above, about 18,000 new critical or high vulnerabilities would be added in the year between two assessments, which quite clearly makes an annual assessment, on its own, woefully inadequate.

Many organisations will struggle to convince management that they need to go well beyond what they are required to do for their compliance status and perform a monthly VAPT scan. The cost of Penetration Testing is traditionally quite high, and most organisations will struggle to see the value or ROI of doing a Penetration Test every month. But if there were a lower-cost monthly automated VAPT scan, then most of the organisations that are reluctant to perform monthly scanning would be brought into the marketplace.

The latest epidemic of ransomware has brought several key areas of cybersecurity into sharp focus, one of which is how vulnerable networks and websites are to attacks. Vulnerability assessment is the way for organisations of all sizes to check the strength of their defences, uncover misconfigurations and prioritise risks.

Low-cost regular automated scanning is the answer to the current dilemma faced by many organisations: they need the protection afforded by a regular vulnerability assessment, but don’t have the budget for monthly penetration testing.

