Cyber Security Awareness and Vulnerabilities Blog

3 Ways Core Impact Can Benefit Large Security Teams
As the need for regular security assessments continues to grow, penetration testing tools are helping organizations advance their in-house programs through strategic automation. However, there is a misconception that automated tools are best for those with a reduced headcount, like small teams or individuals.

6 Steps to Better Securing the Internet of Things (IoT)
These days, an organization’s technology stack isn’t merely computers and servers. The Internet of Things (IoT)—a catch-all term for the many different devices that have sensors or software that connect them to the Internet—has carved out a foothold in every industry. Hospitals are filled with devices that monitor patient status, farmers are using sensors placed in the ground to obtain data about soil, and utility plants rely on SCADA systems to keep things running.

Adapting to a Changed World: 6 Cybersecurity Predictions for 2021
As a new year looms bright with possibility in front of us, how can we prepare for a world that looks profoundly different than it did a year ago? On the cybersecurity front, we can always anticipate continuing battles with familiar foes, as well as a few new challenges on the horizon. Though we may not have a crystal ball, based on our observations and discussions, here are six predictions for the upcoming year.

Finding Clarity in the Chaos: 5 Cybersecurity Trends of 2020
As 2020 comes to an end and we anticipate gleefully tossing our calendars in the garbage, we can all agree it was one of the most tumultuous years in recent history. It was a difficult time for almost every person and industry, and cybersecurity was certainly no exception, with shocking breaches, mass transitions to remote working, and threat actors thriving as the pandemic raged on. Though we’re as eager as everyone else to look forward, let’s look back at 2020 one more time to identify trends that may help you plan for a better 2021.

Why Identity Governance Is Essential for Segregation of Duties (SoD)
It’s no secret that organizations today face a constant onslaught of identity-related access risks within the current threat landscape. One of the most critical and potentially damaging access risks that can exist under the surface of an organization is the lack of controls to ensure adequate segregation of duties (SoD).

Interoperability with Cobalt Strike and Other Notable New Features in Core Impact 20.3
The latest release of Core Impact has arrived! Version 20.3 showcases our commitment to creating a comprehensive, streamlined process for testing the defenses of any IT environment. At the forefront of this effort is the debut of exciting new interoperability capabilities with our red teaming platform, Cobalt Strike.

3 Reasons You May Need to Rethink Your Virus Protection Strategy
These days, encountering malware like viruses, ransomware, trojans, or worms has become all too common—it’s almost an inevitability. In fact, according to the 2020 Malware Report by Cybersecurity Insiders, 88% see malware as an extreme or moderate threat, and 75% believe malware and ransomware will increase in the next year.

Getting Inside the Mind of an Attacker Part 4: Additional Internal Attack Techniques
Authored by: Julio Sanchez

‘You Can’t Boil the Ocean’: How a Phased Approach Can Help Your IGA Program Succeed
Implementing an Identity Governance and Administration (IGA) solution can be a daunting task. Organizations of all sizes recognize the complexity of mitigating identity-related access risks across countless devices, applications, and systems, but need a way to see through the competing priorities and to understand that IGA is not an all-or-nothing proposition. Rather than a destination, Identity Governance and Administration should be viewed as a journey.

Open Source vs. Enterprise: Why Not All Exploits are Created Equal
A common tactic of attackers trying to breach an environment is to use an exploit against a known vulnerability in an application or device present in a targeted infrastructure. Exploiting a vulnerability can provide an attacker with privileges or capabilities they would not normally be granted.

Getting Inside the Mind of an Attacker Part 3: Internal Attacks on Active Directory
Authored by: Julio Sanchez

What You Don’t Know About Access Management Is Hurting You
The impact of COVID-19 has been far-reaching across nearly every sector. Millions of employees now work remotely, making companies particularly vulnerable when it comes to external access risks. Many organizations lack a centralized process to manage user access to accounts and resources. They often have limited visibility into access levels users possess to data and systems within their network. And they may be quickly adding or changing access levels to meet the needs of their remote workforce.

Five Major Drivers of IGA and PAM for Financial Services Organizations Today
Financial services information security continues to be a top priority across the entire financial sector—and for good reason. The Verizon Data Breach Investigations Report found that financial profit or gain was the primary motivation in 71 percent of all information security incidents, making financial services organizations a prime target for attack.

Three Ways Enterprise-Grade Identity Governance Now Works for Small and Mid-Sized Organizations
For small and mid-sized organizations, mitigating identity-related access risks may seem like a never-ending struggle they face on their own. Tasked with supporting countless systems, networks, and applications with access to key data, they frequently have limited staff and rely on manual user provisioning and deprovisioning. They may depend on decentralized processes for managing accounts—limiting their visibility into access levels and magnifying access risks across the business.

Getting Inside the Mind of an Attacker Part 2: External Attacks on Active Directory
Authored by: Julio Sanchez

The Intersection of RPA and IGA: Why Automation and Identity Governance Go Hand-in-Hand
The rise of robotic process automation (RPA) during the last several years has enabled organizations to adopt new technologies that drive efficiencies across their business. RPA solutions leverage software robots that communicate with business systems and applications to streamline processes and reduce the burden on employees for completing mundane, repetitive tasks. Embracing new technologies like RPA has helped organizations transform the way work gets done.

3 Reasons Every Organization Should Leverage Third-Party Pen Testers
Penetration testing, also known as a pen test, is a security exercise that reveals an organization’s security vulnerabilities through a defined testing process. A penetration test may focus on networks, applications, physical facilities, individuals, and more.

6 Ways to Defend Yourself Against Password Attacks
Ever since Ali Baba uttered “open sesame,” thieves have been using stolen passwords to access hidden riches. In the digital world, password attacks have been and continue to be a common way for threat actors to gain access to an organization’s treasure trove of data. No matter how many emails we get from IT explaining what makes a good password, many of us still use the same basic password in multiple places simply because they’re easier to remember.

How Mature is Your Vulnerability Management Program?
Security vulnerabilities are one of the most common problems in cybersecurity today, as they may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. According to the statistics from the Common Vulnerabilities and Exposures list, 12,174 new vulnerabilities were uncovered in 2019—over 13 times as many as were discovered in 1999, when the database first came into existence.

IGA and the Cloud: What You Need to Know
With the rise of cloud computing, organizations have expanded their reliance upon cloud platforms. Many have expanded their capabilities and capacity through cloud servers, while others have adopted a hybrid approach that includes both cloud and on-premise environments.

5 Most Notable New Features in Core Impact 20.1
We are so excited about our latest release of Core Impact. Version 20.1 was fueled largely by the valuable and genuine feedback our customers have shared with us. This release was jam-packed with new features, including several new additions that offer added convenience and increased usability.
To recap, we thought it would be helpful to highlight the top 5:

Getting Inside the Mind of an Attacker: Why Active Directories Are Popular Targets
Authored by: Julio Sanchez

How to Select the Right Third-Party Pen Testing Service
As both cybersecurity breaches and compliance mandates increase, third-party pen testing services are no longer seen as optional. These teams specialize in ethical hacking that gives organizations insight into possible security weaknesses and attack vectors in their IT environment. Being in such high demand, more and more testing services are emerging, presenting businesses with a new challenge of selecting which service to use. How do you know which one is right for you?