If your network is exposed to the Internet, you can be sure someone out there is having a look.
Sense of Security has released a benchmark study based on 12 months of continuous external network penetration test reports.
External network perimeter penetration tests do not only concentrate on the network layer. This often means we will investigate exposed web applications too. You can rest assured that if it’s exposed to the Internet someone out there is having a look.
Our tests evaluated the robustness of an organisation’s Internet perimeter to simulated attacks designed to breach security defences. The results included in the data were complete perimeter tests but excluded any social engineering scenarios.
SOS has released this data to help improve security awareness of the state of cyber security in Australia. The results here are complementary and should be read in conjunction with those released in our recent ‘The State of Web Application Security in Australia’ report released in May 2019. This will provide the reader with a more complete view of common weaknesses at the network and application layers on the Internet boundary.
While there are certainly challenges, our research indicates that you don’t need the latest and greatest technology to secure your enterprise. Minimising your attack surface area is still one of the most effective things you can perform. Organisation’s should also strive towards continuous monitoring to identify vulnerabilities at high frequency, rather than relying on point in time security reviews alone.