Cybersecurity initiatives are more and more important, especially after the big changes that the pandemic accelerated, like remote work, cloud solutions and the growing use of remote devices.
We talked with Nick Terkay, Director of Engineering at Cobalt, about the company’s Pentest as a Service (PtaaS) platform, how organizations can protect themselves and the human role in cybersecurity.
With the pandemic, organizations all over the world had to adapt quickly to work remotely, including using cloud solutions, and mobile. Many observers relate those needs to a spike in cyberattacks and threats. Do you believe this is true, and how can organizations be safe in the “new normal”?
If cybersecurity wasn’t a topline business priority before, it sure is now, as a result of the proliferation of remote work and onslaught of cyberattacks we’ve witnessed over the last couple of years. The pandemic proved that cybercriminals will use any tragedy – even COVID-19 – to exploit vulnerable parties and make a quick buck.
After two years in a pandemic, organizations across the globe have been forced to recognize that phishing attacks and other cybersecurity threats are no joke. They can cause detrimental workflow problems and cost organizations substantial time and money (not to mention reputation damage). And, worst of all, cybercriminals are showing no sign of slowing down.
The key to digital safety in 2022 and beyond is investing in proactive cybersecurity measures like pentesting and cybersecurity awareness training. These are fundamental pillars to protecting your organization from becoming the next attack headline.
Big companies have the funds to invest in cybersecurity software and strategies. Unfortunately, that’s not a priority or even a possibility for many small companies. How can a small organization improve its cybersecurity protection?
Cybersecurity protection begins with knowing your assets and backing up those assets. In addition, I encourage all small business leaders to use Multi-Factor Authentication (MFA). MFA decreases the likelihood of successful cyber attacks by requiring two or more verification factors. These are just two preliminary steps every small organization should take to improve their cybersecurity posture.
How does Cobalt’s solution differ from others in the market?
At a bare minimum, companies need pentesting to comply with regulatory requirements. But traditional pentesting services operate in silos and can take weeks to schedule and deliver, leaving companies exposed to the risk of breach.
Cobalt’s Pentest as a Service (PtaaS) offering revolutionizes this traditional model by combining on-demand access to expert talent with a modern SaaS delivery platform that allows for faster remediation.
With PtaaS, companies of all sizes can test more of their digital assets at a higher frequency, and improve their security posture over time. To learn even more about the benefits of PtaaS, I encourage you to check out “The PtaaS Book: The A – Z of Pentest as a Service”.
What are the most common vulnerabilities exploited by malicious actors?
The most common vulnerabilities are server security misconfigurations, followed by cross-site scripting, according to our research. Unfortunately, our data strongly suggests that security teams are still struggling with the same well-known vulnerabilities that have plagued the industry for years. As much as teams aim for secure development, there are still notable gaps in prevention and remediation.
With more and more automation and use of technologies like AI, IoT, and machine learning, what is the human role in cybersecurity? Does having someone dedicated to one project still make a difference?
Humans are – and will continue to be – invaluable to the pentesting process. As people, we bring a lot to the table that AI simply cannot – for example: creativity and a vision. Creativity is crucial to embodying the hacker mindset.
But don’t take my word for it! In 2021, Cobalt achieved a record number of pentesting engagements, with over 2,300 pentests conducted by the Cobalt Core – a closed, highly vetted pool of security testers – marking a 53 percent increase in pentests over 2020’s record year.
What is the next frontier in the cybersecurity industry?
We will see the cybersecurity industry continue to rapidly evolve – for example, to support emerging and converging technologies like Web3. With larger attack surfaces due to the continued proliferation of remote work, we will also see an increased demand for modern approaches to pentesting like PtaaS. Given everything we experienced in 2021, I believe 2022 is going to be the year of mass PtaaS adoption.