Ethical Hacking Lessons: Insights from 60 Enterprise Companies

Published 28 May 2019
Last Modified 12 Jan 2025

What happens when you perform ethical hacking on 60 enterprise companies that believe their security is up to par?

Pentera conducted penetration testing on the networks of 60 leading companies in banking, investment, legal, insurance, and retail. Working alongside some of the industry’s sharpest CISOs, our ethical hacking lessons revealed that few companies are sufficiently prepared for a cybersecurity attack.

While most enterprise organizations believe that they have every vulnerability covered, the truth is often more complex. Below are the six crucial lessons your company needs to learn if you want to improve your cyber resilience. 

Lesson 1: Ethical Hacking Lessons on the Human Factor

Your employees are your most valuable asset but also the primary entry point for cyber threats. Despite training and redundancies, human error remains a significant vulnerability. These ethical hacking lessons highlight two common patterns of concern:

  • Inappropriate Network Behavior: Even with limited administrative privileges, misuse can occur. For instance, a domain admin might improperly use their superuser account to access personal email, exposing the organization to unnecessary threats.
  • Misconfiguration: Another issue is misconfiguration of your network, or configuration changes that go untracked and unmonitored. Mistakes such as these leave you vulnerable. For example, you might grant an employee temporary extended permissions for a project and then forget to revoke them.

Automated penetration testing conducted across 60 companies revealed that the human factor is, without a doubt, the largest vulnerability for most organizations. Frequent oversight is essential.

Lesson 2: Ethical Hacking Lessons: Guard More Than the Perimeter

Companies often adopt a narrow view of vulnerabilities. Many organizations assume that securing the perimeter ensures the safety of their on-premises network. Our ethical hacking lessons prove otherwise.

The truth is that 70% of security breaches result from insider activities, highlighting the importance of safeguarding your network’s core. Unfortunately, for most of the companies we ethically hacked, it was quickly evident that a relatively knowledgeable hacker could carry out a full on-premises attack with no difficulty.

Companies need to start looking at their core network defense differently.

We need to assume that the perimeter WILL be breached; it’s just a question of when. With that in mind, penetration testing from the “outside in” is crucial but should complement an “inside out” approach that begins with the “crown jewels” and expands outward. By thinking about security in this way, you continually sanitize your inner network, so that even if a malicious hacker gets inside, they’ll find it much more difficult to implement a meaningful attack.

Lesson 3: Ethical Hacking Lessons from SOC Implementation

While a competent IT department can handle most network security issues, it was found lacking when it came to “surviving” our penetration testing. However, companies with a security operations center (SOC)—a centralized unit that deals with security issues on an organizational and technical level—performed far better.

The reality is that organizations with a SOC team have a much more developed understanding of cybersecurity and a higher level of awareness of what is happening in their network. Through constant monitoring and analysis, a SOC team offers timely detection of security incidents, keeps a pulse on the network, and helps companies stay on top of threats to their environment.

Lesson 4: Implement a Least Privileges Policy

It’s far better to contend with a high number of support calls from users asking for permissions than to deal with vulnerabilities created by over-privileged employees. There’s no doubt that it can be annoying for your IT department to field constant minor requests for privileges, but it’s better than opening your network to attackers looking to exploit your vulnerabilities.

It doesn’t take much for a hacker to gain a foothold in your organization’s IT or developer network segments where privileged users abound. Once they gain this access, lethal exploits become a matter of course.

Running penetration testing on dozens of companies, we discovered that the best vulnerability management plan is to have fewer privileged users, which increases your resiliency to attacks. For example, we found that law firms, accounting firms, and other companies where most users have low-tech profiles were far better protected than high-tech firms with many super users. It’s that simple.
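The two failure modes described in Lesson 1 (temporary permissions that are never revoked) and Lesson 4 (too many standing privileged accounts) can both be caught by a periodic review of an access-grant register. The script below is an added example, not Pentera's code or tooling: it assumes a register in which every grant records its role, the date it was granted and an optional expiry, and it reports expired temporary grants that are still present, standing privileged grants that have gone a year without re-approval, and the share of principals holding a privileged role. The principals, roles and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Roles treated as privileged for the review (assumed naming, adjust to your directory).
PRIVILEGED_ROLES = {"domain_admin", "local_admin", "db_owner"}


@dataclass(frozen=True)
class Grant:
    principal: str
    role: str
    granted_on: date
    expires_on: Optional[date]  # None means a standing (permanent) grant
    reason: str


# Constructed sample register: invented principals, dates and reasons.
SAMPLE_GRANTS = [
    Grant("alice", "domain_admin", date(2023, 1, 10), None, "core IT"),
    Grant("bob", "local_admin", date(2024, 3, 1), date(2024, 3, 31), "server migration"),
    Grant("carol", "db_owner", date(2024, 5, 5), date(2024, 6, 5), "quarter-end reporting"),
    Grant("dave", "user", date(2022, 8, 1), None, "standard account"),
    Grant("erin", "user", date(2024, 9, 1), None, "standard account"),
    Grant("frank", "domain_admin", date(2021, 2, 2), None, "legacy, owner has left"),
    Grant("grace", "user", date(2023, 4, 1), None, "standard account"),
    Grant("heidi", "user", date(2023, 4, 1), None, "standard account"),
    Grant("ivan", "user", date(2024, 1, 15), None, "standard account"),
    Grant("judy", "user", date(2024, 2, 20), None, "standard account"),
]


def expired_grants(grants, today):
    """Temporary grants whose expiry date has passed but that still sit in the register."""
    return [g for g in grants if g.expires_on is not None and g.expires_on < today]


def standing_privileged(grants):
    """Privileged grants with no expiry at all."""
    return [g for g in grants if g.role in PRIVILEGED_ROLES and g.expires_on is None]


def stale_standing_privileged(grants, today, max_age_days=365):
    """Standing privileged grants not re-approved within max_age_days (the review window)."""
    cutoff = today - timedelta(days=max_age_days)
    return [g for g in standing_privileged(grants) if g.granted_on < cutoff]


def privileged_share(grants):
    """Fraction of distinct principals that hold at least one privileged role."""
    principals = {g.principal for g in grants}
    privileged = {g.principal for g in grants if g.role in PRIVILEGED_ROLES}
    return len(privileged) / len(principals) if principals else 0.0


def review(grants, today):
    """Summarise the findings a reviewer would act on."""
    return {
        "expired_temporary": sorted(g.principal for g in expired_grants(grants, today)),
        "standing_privileged": sorted(g.principal for g in standing_privileged(grants)),
        "stale_standing_privileged": sorted(
            g.principal for g in stale_standing_privileged(grants, today)
        ),
        "privileged_share": privileged_share(grants),
    }


if __name__ == "__main__":
    import json

    print(json.dumps(review(SAMPLE_GRANTS, date(2024, 10, 1)), indent=2))
```

Run against the sample register on 1 October 2024, the review flags bob and carol (project grants that expired months earlier) for revocation and alice and frank (domain admins never re-approved) for re-certification; the privileged share of 0.4 is the number to drive down over time.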

Lesson 5: Yesterday’s Vulnerabilities Are Still Here

MS17-010 (EternalBlue) is a well-documented and critical security vulnerability that has been known since March 2017. To our surprise, we discovered that many companies are still exposed to it. The same applies to other known vulnerabilities that we hadn’t expected to encounter in our penetration testing campaigns.

Why are organizations still exposed to well-known security vulnerabilities?

  • Lack of Time: Security teams are busy. In 2018, a record 16,500 known security vulnerabilities were cataloged as CVEs by security teams across the globe. That’s too many vulnerabilities to handle all of them. The key is to prioritize the vulnerabilities that could have the largest impact on your organization. Without the right tools, this prioritization is easier said than done.
  • Device Importance: Prioritization issues arise when organizations secure high-priority devices but neglect others. Hackers exploit these overlooked devices as gateways to critical assets.

Lesson 6: Think like a Hacker

It’s an unfortunate truth, but even highly professional defense teams don’t think like attackers. It takes time, training, and hands-on practice to put yourself into the mindset of a hacker or malicious player. However, putting yourself in the attacker’s shoes is essential.

Cyber defenders often think linearly: “If I block this port, I’ll prevent attacks through it.” However, attackers approach security differently. They identify potential entry points and exploit the weakest link.

From a functional perspective, there are many ways to build your organization’s network—all of them valid. A hacker only needs one vulnerability to bring the entire system down. Just as your IT department is putting in the effort to make the system work, the hacker is putting in the same effort to bring it down.

Pen-testing, manual and automated, puts your security into the hands of ethical hackers and the tools that apply an attacker mindset to challenge your defenses. At the end of the day, these defenses are only as good as the tests they’ve been put through.

Final Thoughts

Protecting your organization’s network is a complex challenge that depends on informed decisions and ethical hacking lessons. Who you trust, to what degree, and the freedom you provide can either leave you open to vulnerabilities or protected inside and out.

In our ethical hacking of 60 leading companies, we found that without automated penetration testing that mimics the mindset of a hacker at the touch of a button, companies leave the door open to malicious hackers. But with consistent and regular pentesting runs, it’s possible to discover vulnerabilities and perform ethical exploits while keeping your network operational.

With the right data and insights, cybersecurity officers can now prioritize their defense efforts and stay one step ahead of the next malicious hacker. Ethical hacking practices highlighted by our penetration testing survey provide actionable insights into enterprise data protection.

Ready to take your security validation to the next level? Explore Pentera’s Automated Penetration Testing platform and see how it can transform your organization’s defenses.
