Penetration testing or pen testing services have grown within the last decade, yet there are still many businesses that don’t know about the industry or why it exists. In this, the first blog post of our new series on penetration testing, we look at what the service is and how businesses benefit from regular testing.

In 2017, the globe was rocked by online threats. Among the most publicised were ransomware in the form of WannaCry and Petya. While both versions of malware were targeted at individuals, large business networks were hardest hit as these threats spread across continents with ease.

One can’t help but ask if these and other threats could have been pre-empted?

The answer is: yes. That’s what penetration testing was designed to accomplish.

Penetration testingSource: Top Security Threats of 2017, by Calyptics Security

 

In this blog post, we’ll look at what penetration testing is and what the benefits of regular pen tests are.

If you’re a systems administrator or business executive responsible for the security of your website or network, and haven’t found the time to dig into the value of penetration testing, this blog post will help you better understand the “what” and “why” of the service.

What is penetration testing?

A penetration test is an evaluation of the security defenses of an IT infrastructure using targeted exploits to uncover vulnerabilities.

What kind of vulnerabilities do penetration tests look for?

There is a wide range of vulnerabilities that may exist within a business’s IT infrastructure.  Weaknesses can exist within operating systems, services and application imperfections, or be due to poorly configured hardware and software, or risky end-user behaviour.

Why is pen testing important?

Penetration testing helps IT administrators uncover weak points in their networks, and test how effective their existing security measure are.

Regular penetration tests should be part of every business’s IT policy because new threats are developed every day, and new industries like Ransomware-as-a-Service (RaaS) make it easier for cyber criminals to perpetrate crimes.

 

Did you know?

did you know RaaS

Source: Internet Security Threat Report 2017, by Symantec

What are the benefits of completing regular pen testing?

When conducted regularly, penetration testing helps businesses:

Decrease the cost of service interruptions caused by security breaches

The cost of a security breach reaches beyond the downtime of a website or network. In many cases, customer confidence is eroded as an organisation’s reputation takes a hard hit, and depending on the industry, fines and penalties could also be issued.

Mini case study: Equifax Data Breach

Equifax, one of the three major credit bureaus, confirmed recently that up to 143 million customer records were breached in a hack that began in mid-May and continued through July of last year.

Compromised data reportedly included names, birth dates, Social Security numbers, driver’s license numbers and physical addresses, as well as some credit card numbers and dispute documents with personal identifying information.

The intrusion was discovered on July 29 2017, but the full impact of the breach is still to be determined.

News of the breach impacted the firm’s stock price negatively, resulting in a drop of 20% or nearly US$4 billion in value.

Eliminate as much risk as possible

Few networks are 100% secure, and attempts to prevent breaches with the use of a multi-layered security defence system have been proven to add more complexity to the intrusion detection process.

Regular penetration testing helps business asses how effective their defenses are, especially when new technology, such as cloud applications are involved.

Identify and prioritise risks

Once a penetration test report is completed, businesses then have the chance to prioritise which weaknesses to address, in which order, and according to their budget.

Conclusion

Penetration testing is the process of evaluating the security of a business’s IT infrastructure using targeted exploits to uncover vulnerabilities. Regular pen testing helps businesses find weaknesses within their network that could result in diminished customer confidence and financial loss.

Do you know where your IT network is weakest?

Contact us today on +27 23 004 0196 to arrange your penetration test.

Share This