Penetration testing is foundational to every successful security program. How has this exercise adapted to the new demands of 2024?
Pentesting is on the rise:
- Cobalt, a provider of Pentesting as a Service, and has seen a 31% increase in penetration testing engagements in 2023. Reasons for this rise span an uptick in regulatory requirements, an increased attack surface as companies turn to the cloud, and the rapid rise of AI-driven software.
- The number of findings per pentest has also increased by 21% year over year—a total of 39,000 vulnerabilities across 4,068 pentests.
AI acceleration:
- The AI goldrush has spurred concerns that the proper protocols aren’t being followed: 59% of respondents whose companies have embraced AI say it’s being implemented faster than they can keep up. Many—most notably the cybersecurity leaders—are arguing that it’s time to press pause.
- Businesses need to know the limits of these tools and recognise that they can become a new attack surface. For instance, with creative prompts, chatbots can be manipulated to bypass their restrictions and hand over sensitive data.
Source: The State of Pentesting 2024 - Cobalt
On repairing the vulnerabilities:
- In 2023, the number of vulnerabilities that were actually fixed sharply fell, while the time to repair them increased - likely due to under-resourced staff, skill shortages, and budget cuts, as well as the vast increase in the vulnerabilities that were found.
- 31% of those surveyed say it takes at least a week to remediate vulnerabilities with the highest level of severity on a business-critical asset.
