After the recent announcement of our new penetration testing services, we sat down with Harlan Beverly, our VP of Technology, for more insights into IT security best practices. “Penetration testing by a third party like PTW helps ensure that all reasonable measures are being followed to keep customers, employees, and shareholders safe and secure,” he states. This is proven true by the recent issues faced by SolarWinds Corp. and its CISO, Tim Brown.

SolarWinds is an IT observability platform. They were charged with fraud and internal control failures by the Securities and Exchange Commission (SEC) who alleged that the company willfully misrepresented the security of its practices. Starting around October 2018 through to around December 2020, SolarWinds were besieged by a massive cyberattack called “SUNBURST”. This attack allowed cybercriminals access into the SolarWinds infrastructure, which was used by customers worldwide as well as the US federal government.

(Source: darkreading.com)

The impact of SolarWinds’ failure to secure their applications is still being felt by the company, as well as its shareholders, customers, and employees. “The impact of loss of data, recovery, and loss of reputation cannot be understated,” Harlan says. “Why would any company not want to make sure that hackers can’t break into their systems? That’s what penetration testing does. White-hat IT professionals use the same skills hackers use to try to penetrate systems so that we know what vulnerabilities exist and patch them before the hackers find them and exploit them.”

In related news, the importance of cybersecurity and penetration testing for games and other applications—and especially those that use or leverage Artificial Intelligence (AI)—has also been heightened (Source: CNBC). “The US government has recently mandated the creation of a new set of guidelines to ensure AI systems are kept secure,” relates Harlan. “Specifically, the program calls for companies to share safety test results and evaluate privacy techniques. These new guidelines mean that penetration testing is a critical step to ensuring these privacy and safety techniques work, and such practices will become even more important in the future.”

“Our newly created NinjaScan service is poised to make penetration testing faster and more affordable,” Harlan continues. “We can do this by leveraging the 24-hour work cycle. We save precious days by spreading the work globally and performing the penetration testing using special tools and scripts developed to make the process more efficient.”

With the SEC and new US government departments getting involved in the importance of security testing, the need for penetration testing by an OSCP-certified partner is more important than ever.