When’s the last time your organization did a fire drill for a cyberattack?
When talking cybersecurity budget, the main allocations are often salaries of employees and defensive tooling. These tools, ranging from firewalls to intrusion detection systems, to Endpoint Detection and Response (EDR) and are critical in safeguarding against attacks. However, simply having these tools in place isn’t enough. One thing I mention over and over to clients is the value of pressure testing your tooling to be sure it responds the way you expect. Think of it as a fire drill for your team and your cyber defenses. Pentesting pulls the proverbial fire alarm and allows clients to gauge 2 things:
– Do I get an alert?
– When does that alert come in?
Much like a true fire, if the firetruck comes an hour later, there’s not much value a firetruck contributes. Similarly, if you don’t get an alert for 3 hours, there’s often not much value in getting the at that point as the damage is already done and containment is no longer an option.
When’s the last time you performed a cyber fire drill for your organization?