Ideally a penetration test should simulate a real world attack; in the real world, the attacker will always have some objective beyond “get into the network.” No matter who the attacker is, they are motivated by something that they are trying to accomplish – and getting into the network is only one step in that process for the attacker.
The world's largest student-run cyber security event, founded 13 years ago by the New York University Tandon School of Engineering, will expand this year to NYU Abu Dhabi and the Indian Institute of Technology, Kanpur.
It’s hard to believe that over a decade has passed since PCI DSS (Payment Card Industry Data Security Standard) was first introduced in 2004 as the information security standard for organizations that store, process or transmit cardholder data. Although it’s become a mature industry standard, two problems remain.
In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”
Late last year about 200 banks in New York took part in a cybersecurity “exam” in which they were made to respond in real time to questions about their cybersecurity policies and procedures. The test was designed to help the banks see how they compare with their peers in terms of being ready for attacks by cybergangs looking to break into their networks.