What does a penetration test really do and why is it important?

The number of security incidents detected is rising significantly: average losses per incident are up 23% year-over-year, and the number of organisations reporting losses of more than $10 million per incident is up 75% from just two years ago, according to the 11th Global Information Security Survey.

Many cyber attacks are simply automated and indiscriminately target identifiable vulnerabilities in hardware and software, irrespective of the organisation that uses them. These vulnerabilities include unpatched software, inadequate passwords, poorly coded websites and insecure applications.

Unlike a physical break-in, data theft may go undetected for months – even years – and most companies are unaware that they have been hacked.

A penetration test is a process of ‘ethical hacking’, a painstakingly detailed way of identifying security holes and vulnerabilities in your hardware and software that can be exploited.

It is designed to test networks, servers, applications, mobile platforms, laptops, wireless systems, printers and any other hardware or system that can store, transmit or process data that a cyber criminal can exploit to take control of your systems.

The most effective way to protect your data is to identify the potential vulnerabilities that exist and close them before you are attacked. By applying a series of thorough tests delivered by highly skilled, experienced experts who can find those holes and vulnerabilities fast, you will be able to quickly fix those areas, which in turn will strengthen your security posture.

Companies may ask why they need a penetration test if their data is stored in the cloud. The truth is that software, especially custom-developed software, can often be filled with security holes and vulnerabilities, which means that your data can still be exploited even if it is hosted in the cloud.

Ongoing, regular assessments and penetration tests are critical and have proven to be a highly accurate method of identifying information system vulnerabilities.

Penetration tests and vulnerability assessments by a reputable provider offer an independent view of your existing security processes, and help to establish whether critical processes such as patching and configuration management have been followed correctly. Such tests give you the opportunity to review which security measures are working effectively, and which are not, and allow you to take corrective action.

IT Governance offers several types of penetration test that will suit the needs of any organisation. Certain businesses may require a more in-depth type of test, whereas others may only need a “Level 1” test (often known as a vulnerability assessment), which is aimed at identifying potentially exploitable vulnerabilities. For a detailed comparison of the different levels of tests, take a look at this informative explanatory table: https://www.itgovernance.co.uk/penetration-test-types.aspx.

Our Level 1 Infrastructure Penetration Test offers a complete solution for the efficient and routine testing of your IT system, ensuring that your networks and applications are genuinely secure against today’s automated cyber attacks.