Who Needs A Pen Test?

One of the most common questions we receive is, “Do I need a pen test?” A pen test (or penetration test) is a simulated cyber attack that seeks to identify previously overlooked security flaws using real-world hacker techniques. This is also called ethical hacking. A pen test project will likely result in a list of security issues an organization should fix so that they can avoid experiencing a serious security incident. The idea is to find and fix your security issues before the bad guys can exploit them and cause damage.

While it may seem obvious that getting a pen test would be prudent, there may also be regulatory reasons why an organization would contract out for a pen test. Regulations like the Pentagon’s CMMC (Cybersecurity Maturity Model Certification), Gramm-Leach-Bliley (GLBA), Payment Card Industry (PCI) standards, and HIPAA (Health Insurance Portability and Accountability Act) all have pen testing / vulnerability assessment requirements that may require a pen test.

Don’t fall under any of these regulations? Many cyber insurance carriers are beginning to ask applicants if they’ve had a recent pen test from a qualified third-party cybersecurity firm (especially if you want a ransomware addendum to your policy). Also, an increasing number of businesses are making pen testing a minimum security requirement for their partner businesses and suppliers, since “supply chain attacks” have been identified as a highly successful tactic for cyber criminals.

Since pen test vendors get especially busy at various times of the year, it’s best to begin scoping discussions long before your deadline to get a pen test. If you’d like to learn more about pen testing or what it would cost to have your organization engage Mile High Cyber for a pen test, please reach out to us through our Contact Page.
