More and more organizations see cybersecurity as a priority. Not only because of stricter laws and regulations or increasing threats, but mainly because of the realization that digital resilience directly affects continuity and reputation. Warpnet recently launched its 5000epentest conducted. A milestone that says more than just a number: it highlights the increased focus of cybersecurity among organizations and shows shifts in the attack surface.
Cybersecurity as a priority
The trend that is very clear in recent years is that pen testing is increasingly being incorporated into the security policies of organizations.
Jean-François Bloem, Account Manager at Warpnet:
“Whereas previously a pen test was often performed in response to a requirement from a customer, an auditor or standards framework, more and more companies are doing it proactively. You clearly notice that there is an intrinsic motivation of companies to increase their digital resilience and that performing a pen test is a good form for this. Tests such as (spear) phishing campaigns, walk-in tests and ransomware simulations are also increasingly being used to raise employee awareness.”
Within Warpnet, we provide approximately 250 pen tests annually for various types of companies, from financial institutions, software developers, healthcare institutions to e-commerce companies.
Shift in the attack surface
Ruben Homs, Ethical Hacker at Warpnet:
“Where organizations used to work primarily with servers in their own server cabinets, we are seeing a clear shift toward cloud environments. That technological change has also changed the threat landscape. Where an attack used to start with physical network access to a server, the risks now increasingly lie with misconfigurations. In addition, organizations are increasingly using large SaaS solutions, which are both well secured and outside the scope of the pen test. As a result, both pentesters and attackers are increasingly focusing on obtaining accounts in order to gain access to these types of solutions. This explains the sharp increase in social engineering, phishing and other human-centric attacks.”
With the shift in the attack surface, the human factor has thus become more important than ever. Ruben:“One pattern persistently recurs in this regard: the use of weak or reused passwords.”
Continuous development
Technology is changing, attack surfaces are shifting and risks are constantly adapting. This is precisely why developing an understanding of both technical and human vulnerabilities remains essential. By performing pen testing, you discover vulnerabilities in your network and applications before malicious actors do.
Explore what a Warpnet pentest could look like for your organization? Get in touch with us.