"Penetration Testing Leaving Organizations With Too Many Blind Spots"

Researchers at Informa Tech surveyed enterprises with 3,000 or more employees. They found that 70 percent of organizations perform penetration tests as a way to measure their security posture and 69 percent to prevent breaches, yet only 38 percent test more than half of their attack surface annually.  More than half of the participants surveyed are concerned pen-testing gives them limited coverage or leaves them with too many blind spots, and 47 percent say that pen testing detects only known assets and not new or unknown ones.  Almost half the respondents conduct pen tests only once or twice per year, and 27 percent do it once per quarter. The researchers stated that this is woefully inadequate given the fast pace of threat evolution and how quickly infrastructure and applications change.

Help Net Security reports: "Penetration Testing Leaving Organizations With Too Many Blind Spots"