Have you been in a long-term relationship with your existing penetration testing vendor?
Starting to feel like it’s time to ‘spice things up’ a bit?
It’s easy to settle into a partnership with a vendor that you’ve got to know, they’ve got to know you along with the more intimate details of your business, and all of the ‘skeletons in your closet’. It takes time to build that level of trust and knowledge of your organisational context.
Recently, however, there has been a whole lot of whispering behind hands, and new security best practice guidelines are being circulated which suggest that a good cybersecurity strategy should involve regularly changing or rotating your chosen pen testing vendor. There are a number of reasons to consider the idea of “swinging” with your current pen testing provider.
You Don’t Know What You’re Missing Out On…
Familiarity breeds complacency. And complacency deprives people of opportunities and brings growth to a standstill.
If you’re not trying something new, you will always have reasonable doubts that your current vendor might be missing something when it comes to testing methods, skillsets or risk prioritisation. A different pen tester may have slightly different methodologies, which could potentially unmask a previously unidentified vulnerability. They may also report on vulnerabilities in a different way to what you have got used to – and who knows, you might just prefer it that way.
No Pleasure Endures Unseasoned By Variety…
No two pen testing companies are the same. They come in differing sizes, they come with differing areas of expertise, differing levels of expertise, differing certifications, knowledge of particular industries, the list goes on. By rotating partnering companies with varying skills, you can take advantage of each vendor’s proclaimed “specialist knowledge” to hedge your risk, and ensure you have the most appropriate pen tester for every engagement.
Rev Up The Relationship With A Little Healthy Competition
Changing up or rotating your pen testing vendors should not become a cut-throat activity; however, there are some positive benefits that come with a little healthy competition. The incoming testing partner will have the motivation and desire to please, and they will go the extra mile to deliver an improved outcome for you. This, in turn, may drive a boost of creativity and innovation from your existing vendor, who will want to make sure the sparks are still flying and that you still recognise the value they bring to the relationship.
As with all good relationships, new and existing, being open and transparent about what you’re looking to get out of the partnership is the key to a successful journey.
At the end of the day, maximising your security posture is the number one goal, and if that means playing the field to see what else is out there, that may ultimately be the best decision for your organisation.
It doesn’t mean you have to say “Au Revoir” to your long-term pen testing partner. It could simply be time to introduce a fresh perspective into the equation.
JDS are keen to get in on the action.