Penetration testing is essentially “friendly hacking” and is used by firms to assess the vulnerability of their infrastructure and the effectiveness of their cybersecurity systems. It is generally recommended to conduct a penetration test annually; some regulators (such as the SEC) go so far as to require it.
Penetration Test = Friendly hacking
It's time to test your cybersecurity solution.
Internal Penetration Test
Internal penetration tests are designed to run on a computer and see what sensitive data can be pulled from that device, what information can be determined from the network, and what information can be pulled from surrounding devices on an office network. These tests check for proper data management practices, proper inter-network security protocols, and proper access controls.
External Penetration Test
An external penetration test is typically not as invasive. It targets your network from an external environment to see how far it can break into your network and systems. Ultimately, it is checking for proper network configurations, closed ports, etc.
Cybersecurity Risk Assessment
Cyber risk assessments are complementary to, but different from, penetration tests. A cyber risk assessment is a deep dive into your infrastructure, configurations, etc. and aims to expose vulnerabilities at a high level, rather than using tools to break in (as a penetration test does). Through a cyber risk assessment, clients enhance their awareness of cybersecurity best practices and are held accountable to their cybersecurity policies.