High-profile cyber-attacks continue to demonstrate the critical importance of conducting regular security testing, tailored to your infrastructure's specific requirements. These measures are not just a part of a comprehensive security strategy; they are essential tools in your defence arsenal. Let's explore three different scenarios to understand the significance bespoke security testing can have.

A Breach Avoidable with Vulnerability Assessment

The Equifax Data Breach 2017

In 2017, Equifax, one of the largest credit bureaus in the United States, suffered a massive data breach that exposed the personal information of 147 million people. The breach was primarily due to an unpatched vulnerability in the Apache Struts web application framework, which was publicly known and for which a patch was available months before the breach occurred.

How Could Vulnerability Assessment Have Helped?

A thorough vulnerability assessment could have identified this unpatched flaw in Equifax's network. Regular assessments, which should be a staple in the security protocols of any organisation handling sensitive data, would have highlighted the need to update the Apache Struts framework, thereby potentially preventing this catastrophic breach.

A Breach Avoidable with Penetration Testing

The Target Corporation Breach

In 2013, Target, a major US retailer, experienced a breach that led to the theft of credit and debit card information of about 40 million customers. The attackers gained access through network credentials stolen from a third-party vendor and exploited weaknesses in Target's security to move laterally within the network.

Would Vulnerability Assessment Have Been Enough?

In this case, a standard vulnerability assessment might not have been sufficient. The breach involved a more complex attack vector, utilising stolen credentials and exploiting multiple lesser vulnerabilities in a chained attack. A comprehensive penetration test, simulating real-world attack scenarios, could have uncovered the weakness in vendor management and internal network security. This would have allowed Target to strengthen its security posture against such sophisticated attacks.

A Breach Beyond Penetration Testing: The Need for Assumed Compromise Testing

The SolarWinds Orion Compromise

The SolarWinds breach, a sophisticated and long-undetected supply chain attack, affected numerous US government agencies and private companies. The attackers compromised the software build environment of SolarWinds' Orion product, inserting a malicious backdoor into the software updates.

Limitations of Penetration Testing in This Scenario

Even a full penetration test might not have revealed this deeply embedded, advanced persistent threat (APT). The attackers operated at a level of stealth and sophistication that surpassed typical penetration test simulations.

The Role of Assumed Compromise Testing

This scenario underscores the importance of an 'assumed compromise' approach. Organisations need to operate under the assumption that a breach could occur (or has already occurred) and focus on rapid detection, response, and mitigation strategies. Regular assumed compromise testing, combined with robust incident response planning, could have helped in quicker identification and containment of the breach, thereby mitigating its impact.

Conclusion

These examples illustrate the layered nature of cyber security defences. Vulnerability assessments are essential for identifying and patching known weaknesses, penetration testing goes a step further in simulating real-world attacks, and assumed compromise testing prepares you for the eventuality of a breach. Each layer plays a critical role in forming a comprehensive security strategy, underlining the importance of a multifaceted approach to cyber defence. As the threat landscape continues to evolve, so must our strategies in protecting our most valuable digital assets.

Contact us today about creating a bespoke security testing strategy that fits your network infrastructure requirements and your current security posture.