No – not testing out the latest Mont Blanc pens… Penetration Testing.
What is Penetration Testing?
Penetration Testing aims to determine how easily and how far a hacker could get into your business systems and data.
Simply put, Penetration Testing is a controlled way of trying to hack into your company’s systems to detect vulnerabilities.
Vulnerability testing simply aims to identify areas that are vulnerable to an attack; penetration testing goes much further – it seeks to achieve as much access as possible to an organisation’s infrastructure, systems, applications, processes and people. It’s a really effective way for an organisation to check the effectiveness of all the policies, procedures and processes they’ve put in place in order to make their business as cyber resilient as possible.
How does Penetration Testing work?
Specialist firms are hired to legitimately attempt to breach an organisation’s defences. They’ll test infrastructure, applications, networks, software, servers, firewalls, telephone equipment, VOIP, smartphones, tablets and printers.
A combination of manual and automated technologies is used to systematically compromise servers, endpoints, web applications, wireless networks, network devices, and other potential points of exposure.
Penetration testing should be conducted both internally and externally. External testing will identify avenues cyber criminals might take to access your network and systems. Internal testing looks for ways that information could ‘leak’ out – deliberately or accidentally. Testing will also include the people who work for the organisation – even volunteers who might have access to systems. People are nearly always the weakest link – they often use easy-to-guess passwords; they might open email attachments and links without thinking whether these might be part of a cyber attack; and even when they encounter something unusual they often don’t tell anyone.
Simulated phishing attacks can be used to see how cautious and security aware staff really are.
Common findings of Penetration Testing
The most common findings of penetration testing include:
- design flaws
- configuration errors
- unpatched software
- weak encryption algorithms
- insecure coding practices
When considered individually these might not seem consequential, but when combined they can create a lethal cocktail and give hackers an open door to bring a business to a standstill.
Penetration testing should be performed on a routine basis, and it should also be carried out whenever new network infrastructure or applications are added, or following major upgrades or modifications to infrastructure and applications.
After Pen Testing
The results of a pen test should be analysed, weaknesses remedied and staff provided with feedback and – where appropriate – further training.
Benefits of Penetration Testing
Penetration testing enables a firm to become more cyber resilient and therefore less likely to suffer downtime, lose data or incur the high costs of restoring data. Such a firm can maintain its reputation with clients, suppliers, insurance companies and regulatory bodies.
So isn’t it time your organisation did some pen testing?
Alchemy Systems have 20 years of IT systems experience and are a Microsoft Partner. Alchemy Systems Designs, Supplies, Installs, Supports and Protects clients’ IT systems. Tel. 0330-043-080198 Email. [email protected]