If you are in the Wealth Management space, you might have recognized the regulation overload that is occurring within the domain of cybersecurity.
The Financial Industry Regulatory Authority (FINRA), New York Department of Financial Services (NYDFS), Department of Labor (DOL), and the Louisiana Department of Insurance (LDOI) each have their own cybersecurity requirements. Some require an annual attestation that you are complying with those requirements on an annual basis.
While some of the requirements may differ between different authorities, penetration testing and/or elements of penetration testing appear in each. In addition, in most cases, organizations must perform tests on an annual basis. Here’s an overview:
- FINRA’s 2018 Report indicates organizations are to have a strong penetration testing program.
- NYDFS 500.5(1) indicates the organization shall conduct annual penetration testing.
- DOL Cybersecurity Best Practices number 8 indicates to perform annual penetration tests.
- LDOI House Bill does not specifically mention Penetration Testing by name but does mention organizations need to identify reasonably foreseeable threats that could result in a host of activities, as well as regularly test internally and externally developed software.
There are many types of penetration tests available for businesses such as, Web, API, Mobile, Internal, External, and Cloud. At H2Cyber, we observe that the most common penetration test organizations launch is an External penetration test which consists of all of their public IP spaces issued by their ISP at each of their geographical locations, as well as the URLs they serve up to the world.
At H2Cyber we leverage Cobalt’s Pentest as a Service model because it allows our clients to execute with speed, scale as needed, and retest to ensure fixes are functioning correctly.
What’s the main difference Pentest as a Service brings to the table? Consider this: With traditional penetration testing the scoping alone can take 2 to 3 weeks. If you want to retest afterwards, in most cases it will cost you in addition to the initial test price. This is where Cobalt shines: we can have a test up and running within 2-3 business days and they allow for free retesting for 6 months to a year depending on the engagement. Having this kind of flexibility can help businesses within the Financial and Wealth Management spaces more easily meet regulatory requirements. But above all, it will help strengthen their security.