When Is Penetration Testing Required?

Daniel Tobok
E: dtobok@cytelligence.com
Posted on: March 20, 2019

There are very few companies today that don’t maintain a database of sensitive information. Whether it’s names and emails, purchase histories, or even credit cards, you have a wealth of information on your servers that people will (literally) pay to get their hands on.

As much as technology makes our everyday business lives easier, it also brings to a bear an entirely new host of problems that the average business owner may not be aware of. Whether you accept online payments or even just collect names, emails, and birthdays for a loyalty program – you are liable for that data. And the more data that is accessible, the more people will try to exploit it. The facts are staggering:

  • In 2016 alone, 4.2 billion personal records were breached
  • An average of 4,000 business security hacks happen per day
  • There are an estimated 230,000 new malware samples every day

With the average consumer becoming increasingly aware – and wary – of the importance of their personal data security, it places an increased responsibility on you as the company to prove that their information, and thus their business, is safe with you. As you can imagine though, that can be a bit daunting. That’s why it’s critical to take preventative measures to make sure that you’re not the next featured #hacked hashtag, like Sony or Equifax.

But what can you do to prevent the unexpected? This is where your cybersecurity experts and a
penetration test come into play.

What is a penetration test?

A penetration test (or pentest, for short) is when you contract a team of experts to purposely try and gain access to your most sensitive data. These series of tests are designed to identify and examine any flaws in the security of your system and your sensitive customer data.

Who needs a penetration test?

Most companies that use modern applications to store or access any customer or sales data can be
potentially vulnerable. In certain cases, you can even be legally liable for not taking proactive steps to protect the data in your care.

When do I need a penetration test?

Depending on several different factors, including the public profile and online visibility of your company, typically a minimum of one penetration test a year is recommended. For companies that have access to more sensitive financial data, a minimum of a quarterly test is highly recommended.

Additionally, you should be sure to talk to your penetration consulting experts any time you:


  • Add an additional office or remote workstation to the network
  • Install a security or application update on your website or intranet
  • New infrastructure or applications are integrated into your existing system

Penetration testing is an integral part of any cybersecurity risk management plan. Too often do people wait until it’s too late to find out where the breaches in their security lie – and once you lose the trust of your customers it’s already too late. For more information on how to be proactive about your business’s security, contact us at 888-981-3934.