Penetration Testing: Add to your Spring Cleaning
By Tobias McCurry
Here in the Washington, D.C. area, we’ve been enjoying unseasonably warm weather. T-shirts and open windows belie the fact that it’s still winter, for another 17 days to be exact. T-shirts, bicycles, and sidewalk chalk are typically broken out closer to the official start of spring, along with conducting thorough cleaning.
In addition to battling cobwebs, spring is a time to establish new goals for your business. You can’t manage what you can’t measure. Penetration testing of your externally facing systems will provide you with crucial measurements to assess your security and enable informed goal-setting.
Penetration Testing Defined
Penetration testing is one component of cybersecurity that’s easily understood. (Try explaining high-speed cloud encryption to your Aunt Tilly!) Hiring a firm to mimic an attacker and try to breach your security, so they can identify your weakness is a service that makes sense. Of course ‘white-hat’ hackers find vulnerabilities so you can you fix them – and do it before ‘black-hat’ hackers can exploit them.
A penetration test can:
- Examine all of your internal or external networks and targeted systems
- Discover and document any vulnerabilities in software, configurations, or risky end-user behavior
- Provide remediation steps
The Value of Penetration Testing
A fresh set of eyes is always advantageous. The most diligent professionals can still overlook errors, or perhaps not consider areas of vulnerability. (I appreciate my colleague’s assistance in proof-reading this post to catch any remaining typos or errors.) External consultants deliberately attempting to breach your security can provide a high level of assurance that your network is secure.
Don’t Just Hope and Pray: Prepare
Assessing your security is important to ensure malicious hackers aren’t able to penetrate your systems. You could place your bets on simply not being hacked. Considering in 2016, the Identity Theft Resource Center made the grim pronouncement, “Breaches have become the third certainty in life,” I’d never bet against the occurrence of a breach.
While the timing and severity of breaches may be unknown, monitoring the state of your security can also help you be prepared for other certainties. You won’t have to scramble last-minute for audits, board meetings, or disclosures.
From Assessment to Action
Of course any vulnerabilities discovered by your consultants need to be remediated. A penetration test is just an assessment which can establish a baseline and enable you to measure progress over time. Plans to improve your security are the next, crucial element.
Using the findings from a penetration test, you can posture your security goals. Be someone who really knows where their towel is.
Contact us today to discuss how SecureIT can help provide you with the assurance that you’re towel is exactly where you think it is.