Published 06 Jun 2019

A penetration test is, in fact, a large suite of tests, not just one single test. The tests are designed to work together to evaluate the security of your IT infrastructure. Penetration testing is all about detecting and addressing threats before actual security breaches or attacks take place. It's like checking that your doors and windows are locked before the burglar does. Except we do the checking for you.

Delegates who have attended any of our free Cyber Security Workshops are eligible for a thorough suite of penetration testing at a special discounted price of £299. See below for more information.

What is Penetration Testing?

Pro-Networks use specialist, industry-leading software systems to methodically and safely identify any exploitable vulnerabilities your IT infrastructure may harbour. We do this by performing numerous benign ‘attacks’ on your defences. These will identify any vulnerabilities that may exist in your firewalls, operating systems, services, networks, applications, device firmware, and more.

The reasons a business needs to be connected to the internet are numerous. To get to the web, to send and receive email, to access cloud storage or other services, to allow remote workers to have access to your network when they are out of the office - the list goes on and on. 

All of these different types of access need to be secured and locked down so that only authorised personnel can make use of them. Internet-facing services that are not required need to be identified and shut down completely. Additionally, out-of-date protocols, old software, unpatched firmware and unsupported operating systems all need to be brought up to date or retired.

A 2019 UK Government report shows that 30% of businesses and 20% of charities identified cyber security breaches or attacks in the last 12 months. Of those that had been attacked, 48% of businesses and 39% of charities were now facing at least one attack per month. There is a pressing and vital need for you to know the effectiveness of your cyber defences, and to bolster those defences where they are less than optimal.

The Bad Guys Are Doing This Too!

Cybercriminals use readily-available automated software to perform scans that look for networks with internet-facing vulnerabilities.

Their software casts its net wide and then sifts through the IP addresses it has discovered, looking for vulnerable networks. It does this by performing scans similar to those that we do. But they are looking for vulnerabilities that they can exploit, of course. We are looking for vulnerabilities that we can rectify.

Penetration testing will identify any potential exploit that could be leveraged by the cybercriminals to their advantage.

Satisfy Contractual or Other Regulatory Requirements

You may have a formal requirement to perform penetration testing.

Cyber insurance policies often stipulate that penetration testing is performed at least annually.

The Payment Card Industry Data Security Standard (PCI-DSS) requires penetration testing to be performed periodically. The frequency is usually dictated by the payment partner that is processing the payments. The number of transactions you perform will have a direct bearing on this.

Because data controllers and data processors share responsibility under the GDPR, businesses are being more particular and specific in the due diligence they conduct on prospective service providers and suppliers. Evidence of penetration testing and remedial actions is now a common part of that due diligence.

Questions about the frequency and independence of penetration testing are starting to appear on tender documents, along with follow-on questions regarding the actions that were taken to address the points of concern that were raised in the penetration testing report.

Prevent Downtime and Loss of Revenue

Recovering from a security breach, malware infection or other hack is expensive.

The process is complicated and might well involve IT remediation, activities to safeguard customers including notifying the ICO, legal activities, and activities to combat loss of revenue and reputational damage. Penetration testing helps an organization avoid these financial setbacks by proactively detecting and addressing vulnerabilities and exploits before security breaches or attacks take place.

Frequent employment of penetration testing avoids these expenses, complications and penalties.

How Often Should You Do This?

Penetration testing should be carried out at least annually and, according to your type and size of business, possibly more frequently. If your cyber insurance policy, PCI-DSS strictures or other contractual requirements dictate more frequent testing, this should be adhered to. Penetration testing should be repeated whenever there is a non-trivial change in your network infrastructure. 

You have your company vehicles MOT'd. You have your fire alarms serviced. You have your burglar alarms maintained regularly. Your cyber defences need the same type of attention. 

Remember, we are talking about preserving the confidentiality, availability and integrity of your network. In other words, the robustness of your business and its ability to continue to trade.

Discounts for Workshop Delegates

If you have attended one of our free Cyber Security Workshops your business is eligible for an external penetration test, an internal vulnerability scan and accompanying report for £299 exc VAT. This represents a discount of 66%. 

If you wish to take up this offer please see our Contact Us page and let us know you'd like to get a granular view of the effectiveness of your cyber defences. 


 
