Penetration testing should be performed on a regular basis (at least once a year) to ensure more consistent IT and network security management by revealing how newly discovered threats (0-days, 1-days) or emerging vulnerabilities might be exploited by malicious hackers.