Ransomware attacks and data breaches will not cease anytime soon. While businesses in various industries seek to implement the most advanced security measures, testing them doesn’t necessarily come with the package.
Keeping the company and its clients’ data protected must be the number one priority. All enterprises, whether big or small, should test their cybersecurity systems from time to time. Human error, untimely updates, and management decisions can all affect how well such a system works, and penetration testing can provide invaluable insights and the means to improve.
Apporwa Verma, application security engineer at Cobalt, a pentest service provider, shared with us how top-tier penetration testing helps improve businesses’ information security systems.
What has your journey been like since Cobalt launched back in 2013?
Cobalt, the leading Pentest as a Service (PtaaS) company that’s modernizing the traditional, static penetration testing model, has been at the forefront of the cybersecurity industry since its inception. In the past five years alone, Cobalt has grown from 10 employees to over 200 employees worldwide.
Cyberthreats are intensifying in frequency and severity, and Cobalt is seeing an exponential demand for its services as organizations recognize the crucial need to invest in ongoing cybersecurity measures to protect themselves from cyberattacks.
In 2021, Cobalt saw 60% ARR growth year-over-year. Cobalt also added 450 new customers, who joined the ranks of companies like Hubspot and Credit Karma. In 2021, Cobalt also achieved a record number of testing engagements, marking a 53% increase year over year as PtaaS continued to gain traction.
PtaaS is now a recognized market category, which is incredible to witness, and Cobalt has solidified its status as a pioneer in PtaaS. We continue to see tremendous growth, and there’s no slowing down from here!
How is Cobalt different from other solutions available on the market?
Cobalt’s PtaaS solution is unique because it enables organizations of all sizes to manage scalable, efficient pentests with on-demand access to expert security talent via a modern SaaS delivery platform. Cobalt is bringing pentesting into the 21st century to meet the needs of today’s security and development teams, as they look to protect themselves from falling victim to the next big cyberattack.
When time is money, the business value of on-demand pentesting cannot be overstated. With PtaaS, if critical issues are uncovered, organizations can address them immediately, without having to wait for final project reports. Security teams are engaged with pentesters throughout the pentest projects, so they can course-correct and respond to problems and opportunities in real time.
In recent years, penetration testing has become standard practice. Can you briefly describe what the process is like?
At Cobalt, pentest engagements consist of several phases, outlined here: preparation, kickoff, testing, reporting, re-testing, and feedback. Each step presents opportunities to align all stakeholders involved when it comes to pentest expectations and needs.
The testing stage is the main activity for pentesters. It includes threat discovery, modeling, exploitation, and post-exploitation. The output of a pentest is an actionable report outlining a list of vulnerabilities uncovered and the risks they pose to an application or network.
Armed with this invaluable knowledge, organizations can fine-tune their security protocols, patch vulnerable applications and networks, and strengthen their overall security posture against attackers looking to exploit them.
How has the pandemic influenced the ways in which threat actors operate?
During the pandemic, we’ve seen a high volume of social engineering schemes with the intention of exploiting people’s heightened emotions for hackers’ gain. For example, cybercriminals have posed as government officials delivering health information, bosses asking employees to make purchases while working remotely, and shipping companies with fake package tracking numbers.
What types of cyberattacks are the most common nowadays, and how serious are they?
Ransomware attacks have become more and more common – and dangerous. In 2021, ransomware attacks flooded media headlines. The ransomware attack on Colonial Pipeline sounded alarms across the nation. It shut down the biggest fuel pipeline in the United States and sparked mass hysteria.
The belief that only large and well-known companies are prone to cyberattacks is only one of many misconceptions still prevalent today.
Which cybersecurity myths do you come across most often?
One big misconception I’ve seen is that pentesting measures are needed only for compliance reasons, or when companies are hacked. This is simply untrue.
According to an IBM report, data breach costs rose from $3.86 million to $4.24 million in 2021, the highest average total cost in the 17-year history of the report. This alarming data is an important reminder that investing in cost-effective, preventative security measures like PtaaS is critical to identify and fix gaps in an organization’s security posture before an attacker capitalizes on them.
PtaaS has emerged as an essential, modern approach to businesses’ ongoing security needs. The numbers don’t lie: 88% of 600 U.S.-based IT professionals said more budget should be allocated toward pentesting, according to Cobalt research.
In your opinion, which industries should put more attention towards their cybersecurity?
Where there’s money for the taking, there will be cyberattacks. From financial services to healthcare – and from small businesses to enterprise-level organizations – no one is safe. Everyone should pay attention to their cybersecurity protocols to protect their data and their customers’ data.
Besides regular penetration tests, what other security measures can companies take to protect themselves from cyberattacks?
The key to protecting an organization from cyberattacks is much simpler than you might think. Here are a few top tips.
- Cybersecurity education is essential. Business leaders must ensure their employees can spot – and report – phishing scams and other suspicious behaviors. Cybersecurity training ensures your first and best line of defense – your teams – know what to look for at all times.
- Implement baseline security measures – now. Make sure your company is well equipped with the basics, like VPNs, MFA/2FA, and a process for installing software updates and patches. Identify your digital assets, back up critical data, identify vulnerabilities, and fix those vulnerabilities to strengthen your cybersecurity defenses.
- Use proactive security protocols. The best way to prevent cyberattacks is to make proactive security measures a top priority. Protect your organization by conducting regular pentesting to identify security vulnerabilities. Collaborate with development teams to promptly fix those security issues before they cost you big money.
Would you like to share what’s next for Cobalt?
Absolutely! In 2022, Cobalt will channel its exciting momentum into making pentesting more accessible to all and creating a safer digital world. Additionally, our Chief Strategy Officer, Caroline Wong, just wrote the book on PtaaS – where you can download a free copy – and we’re gearing up to launch a one-of-a-kind PtaaS conference in the fall. To keep up with our latest activities, you can follow Cobalt on Twitter and LinkedIn.