Penetration testing, or pen testing, has become a common practice for helping organizations take a proactive approach to protect against cyber threats. Per a 2015 survey, 92% of organizations with a cybersecurity program in place conducted pen testing. My guess is that number may only have increased over the past three years due to increased business compliance requirements and publicly revealed compromises exposed in the media.
However, we can’t expect the way we approached pen testing in 2015 to provide the same level of protection today. As the attack techniques cybercriminals use have evolved, the methods of pen testing organizations have as well. Today, there are a variety of penetration testing methods organizations can use to identify and resolve potential weaknesses in their cybersecurity programs.
One method that is becoming increasingly important for businesses in every industry is internal network pen testing.
What is Internal Network Pen Testing?
For years, organizations have used external pen testing to evaluate the possibility of a remote attacker getting into the internal network and is the traditional, more common approach to pen testing. However, in today’s world, external threats aren’t the only areas of concern. In fact, according to a cybercrime study conducted in 2017, an important cyber threat to a business could be its very own employees. Whether it’s a malicious insider or simply a negligent employee who exposes your organization to a phishing attack, organizations must consider evaluating their cybersecurity efforts from an attacker’s point of view who has already gained access to the internal network. Employing security measures on the inside, as well as the outside, fulfills the proven strategy of having a “defense-in-depth” approach to your information security.
Internal network pen testing helps organizations mitigate the increasing possibility of internal threats by simulating what an insider attack could accomplish. The target is typically the same as with external pen testing, but the major differentiator is that the “attacker” either has some sort of authorized access or is starting from a point within the internal network.
Why Do Businesses Need Internal Network Pen Testing?
Many organizations have an effective infrastructure for monitoring external threats, but their internal detection capabilities are lacking. And, while having a rogue employee in your midst isn’t likely, ensuring that your critical internal systems are secure is paramount. Here are a couple of reasons why internal pen testing is important:
- Today’s cybercriminals are using “internal methods” for penetrating organizations. In today’s world, many cyber attackers target people within your organization. They will work to compromise the technology through phishing techniques and then move laterally throughout your entire organization. Without the proper protection, it’s easy for them to navigate through the inherent trust controls your organization has built within your internal systems and processes.
- Internal attacks can be much more devastating. While insider threat events are typically less frequent than external attacks, insider threats often pose a much higher severity of risk for organizations when they do happen.
- Internal attacks can go undetected for long periods of time. According to one report, the average time it takes for U.S. companies to detect a breach is almost half a year. And another reports that most are not detected by the companies themselves, but by third-parties.
More and more of today’s cyberattacks don’t look like external threats. They look like internal users who are accessing systems and services in an abnormal manner. Internal network pen testing is the best way to protect your organization from experiencing significant damage from these types of threats.
Need a Way to Protect Against Internal Threats?
Organizations must understand the threat landscape and conduct applicable threat modeling in their pen testing. At LBMC Information Security, our team is constantly evolving our pen testing methods to emulate the types of attacks that are happening today.
If you’re looking for a way to protect against insider threats, I’d invite you to learn more about our extensive internal network pen testing method. You can also connect with our team at any time to learn about our other pen testing methods or cybersecurity services.