A December 2012 report by GreenSQL
revealed that 88 percent of all companies that participated in the survey did not protect their databases from both external and internal threats, and almost one fifth do nothing to protect their databases at all.
IT Governance, the information security experts, advise that efficient and routine penetration testing
of an organisation’s system is the only way of establishing that networks and applications are secure.
Alan Calder, CEO of IT Governance, says, ‘With the ever-increasing risk of external attacks to websites, the continual enhancements and upgrades to a system over time, and the continual discovery of new vulnerabilities and security holes; organisations need to conduct external penetration tests annually, at least.’
Fixed-price penetration testing packages
make it easier for organisations to conduct regular security testing. However Calder warns that penetration testing must be undertaken by qualified testers.
“Inexperienced penetration testers rely too heavily on automated tools, rather than thinking strategically. Tools are helpful, but they have limitations when it comes to identifying potential exploits and accurately assessing risks. Organisations should be hiring skilled and independent pen testers who are able not only to produce a full report for their clients, but advise them on what effective controls they should be putting in place to protect their systems.”
Effective penetration testing
involves the simulation of a malicious attack against the security measures being tested, often using a combination of methods and tools, and conducted by a certificated, ethical professional tester. The resulting findings provide a basis upon which security measures can be improved.
IT Governance offers fixed-price penetration testing packages
which can be purchased by contacting the IT Governance service centre team on telephone number +44 (0)845 070 1750 or by email to firstname.lastname@example.org