Building the case for Security Validation

Building the case for Security Validation Image credit: USA Today Events of the last month have shown that, despite best efforts and assumptions on how well protected corporate networks are, damaging Ransomware attacks and other cyber threats, continue to wreak havoc on companies and organisations in all industry sectors. Just in the last month, we have seen crippling Ransomware attacks on Colonial Pipeline, the Irish Health Service, the University of Portsmouth, and many others.  In most, if not all, of these cases, the IT and information security teams will undoubtedly have told their management teams and oversight Boards, that they had invested in adequate security controls and that they conduct regular penetration testing. So, it begs the question: why are corporate networks still so vulnerable to these attacks?  The answers to this are probably wide ranging, but one consistent theme is an assumption that corporate networks are protected because certain