An explanation of Pen Testing
Information security is paramount for every business today, and with many documented cases of cybercrime emerging on a seemingly weekly basis, securing one’s assets has never been more important. This is especially true for companies that have an online presence and a network that is connected to the outside world.
Data security breaches are not only highly embarrassing for a business but they can often lead to financial penalties and further litigation. Other types of cybercrime can cause severe disruption for organisations and lead to a loss of revenue and damaged reputation.
It’s for these reasons that businesses need stringent security protocols, both effective and measurable, to protect their networks and assets. This has led to the increased popularity of penetration testing by NCC and other reputable companies who specialise in information security services.
What is penetration testing?
The concept is relatively simple: attempt to breach a business network by mimicking a cyber-attack from the outside world. The aim is to identify potential security flaws so that the business can take preventative action to fix them.
A penetration test will inevitably have an overall report that outlines issues and offers advice on how to address them. Furthermore, a penetration test will actively look to exploit vulnerabilities to prove how susceptible a business is to real-world attacks.
Why conduct penetration tests?
There are a number of reasons why a business might want to conduct a penetration test. The most obvious of these is for absolute peace of mind when it comes to security measures. This is not just important for the business but will boost their reputation in the industry, and in the eyes of their customers.
Furthermore, some highly regulated industries like financial services have to carry out penetration tests as part of their compliance process. This is to prove that they take their customers’ information seriously and have implemented sufficient security protocols to keep sensitive data safe.
Another prominent reason for businesses to conduct penetration tests is if they have been the victim of a cyber-attack in the past. Penetration testing is a great way to double-check any newly adopted security controls, in an attempt to prevent future recurrence.
What should be tested?
This depends entirely on how confident the business wants to be in its security defences. For example, a penetration test can be narrow, covering only network security, or broad, extending to business devices such as smartphones and servers.
Some organisations even go as far as testing CCTV systems, door entry systems and mechanical locks. After all, any vulnerability that exists should be cause for concern and an extremely thorough penetration test will afford total peace of mind.
Of course nothing is infallible, but penetration testing undoubtedly stands a business in the absolute best stead going forward in terms of security. However, business owners and key decision makers should appreciate that penetration tests are often carried out by reputable partners of the business who will inevitably have a lot of insider information. Therefore, their ability to identify flaws will certainly be higher, but they might not know all the latest techniques used by hackers to exploit computer networks.