With the recent enactment of Australia’s data breach notification laws, there’s no better time to prioritise cyber security. Failure to notify customers and the public of data breaches could cost corporations up to $1.8 million in fines. There are, however, even better reasons to make security a frequent topic of discussion in the boardroom.
Consider everything that’s stored in your company’s hardware and software. Would your data be of use to competitors? Would your company survive if sensitive information were taken hostage by a cybercriminal and held for ransom? Would a cyber attack bring to light facts that could damage your professional reputation? Could you continue to do business if your website were paralysed?
Cyber attacks are becoming increasingly sophisticated, so you need all the help you can get. It’s no longer enough to put security tools in place and hope for the best. Lax practices and human error can expose even the most sophisticated systems to breaches. Unless an attacker brags publicly about the crime, a breach can go undetected for months.
The best way to be proactive against the threat of a cyber attack is to invest in penetration testing. No security system is guaranteed to be impenetrable, but yours should be daunting enough to send hackers scrambling for an easier target.
Why do you need penetration testing?
Penetration testing, also called pen testing, looks deeply into your business to see how vulnerable it is to hackers. It goes far beyond ordinary security assessments or compliance audits. Here are some of the ways that pen testing stands apart:
How it works
Pen testers, using both software tools and manual methods, start with reconnaissance: they gather information about your business from the perspective of an attacker sizing up a potential target. They then identify vulnerable entry points. Finally, they attempt to break into your systems and report back to you on how successful they were. Remember that pen testers are the good guys; these authorised attacks, sometimes called “white-hat” attacks, are highly educational.
After a thorough discussion of your needs and concerns, the testers will decide on the best approach, which could include any or a combination of the following:
Putting test results to good use
You may find that your security policies and procedures are in dire need of streamlining or a complete overhaul. Have you identified the role that each staff member would play in the event of an emergency? Have you established channels of communication and a chain of command? Do your employees have the appropriate level of security awareness? Pen testing highlights areas in which improvement is needed.
Analysing pen test results will help your IT staff address your risks in order of importance. Results will also indicate how quickly and efficiently your IT team could respond to an attack.
You can also find out just how cost-effective your security tools are. State-of-the-art security tools are outrageously expensive, and pen testing will help you determine each tool’s real value. If you’re not getting bang for your buck, you’ll find out in short order. Testers can also advise you about good tools that just need a little bolstering.
How often pen tests should be conducted
This depends on how attractive your business is to hackers, but ongoing testing is the most effective. Frequent updates and patches may address existing vulnerabilities, but they can also introduce new ones. Every time you deploy a new app, modify your infrastructure or introduce a new cloud service, you’re inviting security issues that even your brightest IT employee might overlook.
A single hacker could put you out of commission for an hour or put you out of business for good. With so much at stake, it makes good business sense to invest in ongoing penetration testing.
Regular penetration testing is something we can help you with. Here’s more information on Stickman Consulting’s penetration testing services. And if you’d just like to know more, or need clarification of any sort, contact us here with any questions.