When it comes to penetration testing, the question we get most frequently is: “How often should we do one?” Unfortunately, the other question we receive almost as often is: “Pen testing? What’s that?” Knowing your network also means knowing how often you should be testing the penetrability of your network security – because if you’re not testing for its vulnerabilities, it’s very likely someone else will be.
Most Only Do It After an Attack
Some companies have never had a pen test performed, or at least can’t remember the last time they did. If that’s the case with you, that’s not nearly often enough. These companies often don’t even learn about “pen testing” until after they’ve been breached. At that point, the damage has been done, and the hacker has likely left some unsavory gifts behind. In this event, first and foremost, your network must be purged of all malware and any lingering viruses. Next, your network security must be taken up several notches – only then should you begin your pen testing. At that point, you’ll likely begin formulating a schedule for regular pen testing.
Even Regulatory Compliance Doesn’t Make It Hard
Even if you’re covered by PCI DSS (credit card) compliance regulations, they aren’t that demanding about pen test frequency. They usually only require pen testing to be performed once annually. That’s not often, and it is well under what you should be doing to keep an eye on your security. Even your dentist tells you to come in for two cleanings a year. Shouldn’t you be at least as diligent with your network security as you are with your mouth security?
To Be Honest, Frequency of Pen Testing Depends on Your Company
No two companies are the same, and by that token, each should be judged on its own needs. It’s advisable to receive a professional evaluation from network and cyber security experts, such as Cognoscape, and listen to their recommendation. The answer you may ultimately be looking for is this: you should have a pen test performed as often as your IT consultant advises you to.