Security News > 2021 > May > How penetration testing can promote a false sense of security
Penetration testing in and of itself is a good way to test cybersecurity, but only if every nook and cranny of the digital environment is tested; if not, there is no need to test.
By tools, Gurzeev is referring to penetration testing: "Penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented."
The survey report, "The Failed Practice of Penetration Testing" mentions right away: "While organizations invest significantly and rely heavily on penetration testing for security, the widely-used approach doesn't accurately measure their overall security posture or breach readiness-the top two stated goals among security and IT professionals."
As to why, the press release explained, "Research shows that when using penetration testing as a security practice, organizations lack visibility over their Internet-exposed assets, resulting in blind spots that are vulnerable to exploits and compromise."
45% conduct penetration tests only once or twice per year.27% conduct penetration tests once per quarter.
"There is very limited value in testing only a portion of your attack surface periodically. Unless you are continuously discovering and testing your entire external attack surface, you don't have an overall understanding of how secure your organization is."