The what and why of pen testing (no, not the bic ones)

Category : Business

Example of a port scan using nmap on the Kali Linux OS

Do you ever lock your door but still try to open it afterwards, “just to make sure it’s definitely locked?” We as people are paranoid and clumsy beyond belief. We constantly check whether we’ve done something right or that everything is how it should be. Penetration testing is exactly that, applied to your IT systems.

When you set up a new computer or configure a network, there are bound to be flaws somewhere, and the larger the network, the more of them there will be. A penetration tester or ‘ethical hacker’ aims to find and exploit those flaws, with your permission, to see what kind of damage could be done if a malicious hacker did the same. This usually leads to many shocked faces when the tester turns up with screenshots full of company accounts and HR data. The key is that we got to the data first, so now the flaws can be fixed before anyone else does.

Once a penetration test is carried out, you receive a report listing the risks found, how severe they are, and how to remediate them. Working through these problems may take some time and money, depending on what was found, what the solution is and how much downtime it involves. However, this will almost always be cheaper than recovering from a real security breach (the average cost of which was around £3 million according to a 2018 study).

Some industry standards and regulations also expect you to perform pen tests regularly to remain compliant. PCI DSS explicitly requires them, and HIPAA and ISO 27001 expect regular security assessments for which a pen test is the usual evidence. Being compliant with these standards is crucial both for setting yourself apart from the competition and for ensuring client data is kept safe and secure.

In conclusion, it’s worth making sure your IT door is locked. Get in touch if you’d like to learn more about the penetration testing process and what options there are for you.