Exploring the results of thousands of enterprise penetration tests to reveal where risk may be hiding in your organization.
Coalfire 4th Annual Penetration Risk Report
What’s in this whitepaper by Coalfire covering more than 3,000 penetration tests:
The risk landscape is ever-evolving, and enterprises must roll with those changes if they hope to identify and mitigate threats. But as Coalfire’s fourth annual penetration risk report shows, organizations are often too focused on external threats, ignoring the potential for internal vulnerabilities.
Coalfire’s report reflects more than 3,100 penetration tests from nearly 1,600 client engagements in the technology, financial services, healthcare and retail sectors. It analyzes enterprise and cloud service providers, internal and external attack vectors, application development and mobile app security, and social engineering and phishing. It also includes PCI and FedRAMP-specific findings and segments data by industry and company size.
Here are a few of the key findings:
- Web application penetration testing pays off over time.
- Financial services organizations are challenged with securing mobile apps.
- More than 3,100 penetration tests show security misconfiguration is always the top vulnerability.
- Improvements in social engineering test results.
- Training gaps threaten FedRAMP authority to operate.
- Large CSPs are improving but still carry the majority of high-risk vulnerabilities.