Penetration testing or vulnerability assessment: What’s the difference?

Cybersecurity terms continually make their way into our vocabulary with words like IP address, Virtual Private Network (VPN) and the cloud – or more ominous terms like exploit and breach. These words have, unfortunately, permeated our society. Often it seems you can’t watch the news without hearing mention of a data breach, and many cardholders have had to replace their cards due to one.

Does your financial institution have a plan to prepare for, and address weaknesses in, infrastructure that can lead to such breaches? Conducting penetration tests and vulnerability assessments are a crucial part of any financial institution’s cybersecurity strategy. If you’re not sure what to ask your IT and Security teams, we have provided a quick primer on these two important cybersecurity measures below.

Penetration Testing vs. Vulnerability Assessment

Many people think penetration testing and vulnerability assessments are different terms for the same security activity. However, from a security and compliance standpoint, there is a significant difference. Vulnerability assessments aim to identify, analyze and prioritize potential vulnerabilities by performing a risk assessment process. On the other hand, penetration testing goes a step further, using real-world cybercriminal tactics, techniques and procedures to exploit and discover vulnerabilities in a system, network or application. When a penetration test identifies an issue, it is an actual issue that can be exploited.


continue reading »