“I am the wisest man alive, for I know one thing, and that is that I know nothing.” ― Plato, The Republic
Good martial arts instructors teach that, in order to be prepared for a fight, you must have your flaws exposed in practice. This requires that you step out of your comfort zone and invite vulnerability with high quality, trusted sparring partners so that you experience loss in a constructive manner. It is more important to know what you do not do well as opposed to “win” every time.
Like a trusted sparring partner, a good penetration tester can help you uncover the weaknesses in your defense. They are there to expose your vulnerabilities and take advantage of them in a controlled environment before a malicious hacker has the opportunity to do so. And, just as high-level sparring partners are invaluable for professional boxers and martial artists, penetration testers are just as valuable to institutions that take security seriously.
Hackers are constantly evolving and adapting to the security of both corporate and government entities. We know that nation-states have the capability to infiltrate our military. We know that our banks are constantly attacked. We know that our utility companies are constantly attacked. Fortunately, we also know that there are security experts out there who have your best interest in mind.
Beyond the realm of the Internet, there are also physical concerns that penetration testers can help an institution address. Much attention is given to Internet security, and rightfully so, but a stagnant physical security force could also precipitate a devastating breach. It is important to remember that all facets of your security must evolve and adapt. If there is a weak link in any aspect, it can quickly become a vulnerability on many fronts.
Considering the ever-evolving dangers we face in corporate America, as well as the global community at large, no institution or industry or government entity can neglect the need to do everything possible to safeguard data, money, and the continuity of business as we know it. Flaws must be exposed quickly, or they will be exploited quickly. The fight is coming faster and faster. Thankfully, honest people and businesses have the ability to spar in preparation; to learn what they cannot do so they can improve and prepare to fight again.
War is very old, but this cyberwar is fairly new. It will only accelerate from here. For the good of government and finance, industry and citizen, it has become imperative that businesses spend the time and resources to chose a good “sparring” partner; one they can trust, one that can help not only expose the vulnerabilities but train, strengthen and repair them.
“I have been impressed with the urgency of doing. Knowing is not enough; we must apply. Being willing is not enough; we must do.” ― Leonardo da Vinci