Why pen testing is important
If you could safeguard your home and your family, would you take steps to do so?
I’d say that’s a yes – we lock our doors, close our windows, set our alarms, install CCTV, even upgrade our doorbells to keep us safe.
If you could actually see the likelihood of your business being cyber attacked and take steps to safeguard it, would you do something about it?
That’s where pen testing comes in.
What is Pen Testing?
Pen testing (also known as ethical hacking or penetration testing) is a process for securely testing your systems, networks & applications by emulating real cyber attacks so that you can discover where your business is vulnerable.
Testing can be automated (with software) or manual, where a cyber security expert (or a team of experts) attempts to find and exploit vulnerabilities in your computer systems.
In the late ’60s/early ’70s the US government started using ‘tiger teams’ made up of engineers and scientists to test system security by attempting to penetrate computer systems to uncover security holes and patch them. This is how pen testing first emerged on the computer scene.
Why do you need Pen Testing?
Pen testing assesses and reduces your corporate cybersecurity risk and ensures compliance.
Ideally you should have good security practices and procedures in place and therefore have a good idea of what the penetration test is going to find. The results of these tests help you determine how vulnerable you are and where you should invest your time and money to ensure your business is secure and compliant.
It gives you the opportunity to patch up any issues and mitigate future attacks.
How often should you undertake Pen Testing?
If you want to ensure your business is always secure & compliant you need to frequently test for vulnerabilities to monitor and resolve any issues.
Certain industries are required to perform tasks to check their compliance and need to stay one step ahead of the hackers. If you add something new to your network (or applications), move office, apply security patches or amend your policies, you should run a test.
Don’t presume that because you have the latest equipment and your security system is advanced that you are protected; you could still be vulnerable to any new & unknown attack types.
Automated v Manual Pen Testing
There are advantages and disadvantages to both – in an ideal world you would use both but not every business has the resources for that.
Automated pen testing can be continuous: it saves time, is cost effective, can check for compliance and gives a realistic assessment of your risk. Provided the tests are run frequently and the results acted upon, your business will be secure & compliant.
Manual pen testing adds the human element to your vulnerability search. Whilst automated testing is dependent on how the software has been programmed, the human element can analyse the vulnerabilities and think of solutions ‘outside the box’. Human pen testers are security experts who are curious, wish to show off their knowledge, are financially motivated and like to be challenged – they will be hoping to find that security gap.
Should we all be Pen Testing?
We all think it won’t happen to us: we’re not big enough or important enough for a cyber attack, or we’ll add it to the list & look into it when we have more time! Testing costs time and money but if you could have peace of mind and ensure a safe, secure, compliant business, why wouldn’t you take the test?
Take the example of The Scream painting being stolen from the National Gallery in Oslo in 1994: the gallery considered their security cameras and alarm system to be sufficient … it took 50 seconds. The thieves left a postcard behind in the gallery …
Thank you for highlighting the significance of pen testing. I had fun reading.
I have read your article about why pen testing is important; it is very informative and helpful for me. I admire the valuable information you offer in your articles.