Have You Been Tested?

Give a monkey a typewriter, enough time and you will get the works of Shakespeare.

Give a hacker a laptop, enough time and you will get your IT systems compromised.

Looking at the above two statements, you would get rather long odds on anyone denying the probabilities at play. Yet, in the same vein, IT Managers haven’t invested money to ensure that they are beating any hacker to the punch and receiving an in-depth view of any threats or vulnerabilities they face. Instead, such things are left to chance whilst managers look the other way.

Ethical hacking, or penetration testing, as the name suggests, involves some rather intrusive and potentially painful examination. Depending on requirements, the tests can be broken down into three main categories, each with varying levels of risk and complexity.

External Network Infrastructure Testing:

  • This assessment provides an understanding of an organisation’s risk from an internet-based attack on its public-facing infrastructure.

Internal Network Infrastructure Testing:

  • This assessment aims to identify any risks organisations will face from an internal threat actor, be that a malicious employee or an accidental malware download by an employee.

Specific Application Testing:

  • This approach takes a deep dive into any custom or in-house developed applications, internally or externally facing, and provides a report on the threats or vulnerabilities that could pose a risk to the organisation.

GDPR has brought penetration testing into particularly sharp focus, providing business leaders with a compelling reason to evidence that they are indeed completing their own due diligence on their IT systems and networks. For instance, Article 35 mandates that a Data Protection Impact Assessment (DPIA) be carried out when the “processing of data is likely to result in a high risk to the rights and freedoms of natural persons”.

Penetration testing, then, is a valuable tool, not only in providing quick wins through outlining actionable steps to mitigate risk but also in showcasing a positive approach to data security and regulatory requirements.

To find out more about how penetration testing could help your business, visit: www.arcturussecurity.com

It’s All OK, Until the Lights Go Out.

Digital technology is touted as the answer to revenue growth, profitability and many other fundamental areas of business. Sales people the globe over preach about how their technology enables enhanced productivity, more effective collaboration, a better customer experience, deeper insights and so on. Any new technology is exciting and similarly I enjoy kitting out my home with the latest gizmos and gadgets, bells and whistles. Yet before I focus on spending money on these enablers, I need to ensure I have locks on the doors and crucially – a power supply.

A power outage at my home doesn’t typically have any greater consequence than heightened blood pressure, but the same cannot be said for the loss of power at a datacentre. For a datacentre, and for any company hosting servers at that datacentre, any power loss or ongoing interruption can result in crippling revenue losses, damaged IT equipment and, even worse, irreparable brand damage. Power is often taken for granted and, understandably, in the same way many approach their health, funding flows towards finding a cure rather than prevention. It is only when these risks are actually realised and/or quantified that it really hits home. In 2016 a study by Ponemon Institute found that the average cost of an unplanned datacentre outage across all industries came to $9,000 per minute.

At The Bunker, we are fortunate to operate our datacentres out of two ex-military sites built to an exacting power infrastructure standard. This gives us the ability to offer power at each bunker from two independent feeds, with two generators on standby ready to provide power indefinitely should the other feeds fail. At our Ash Bunker we uniquely benefit from one of its power feeds being dedicated and subterranean. This gives us enhanced resilience since the power runs underground, directly from the national grid, serving only The Bunker. All this put together provides a physical fortress in the UK that many companies desperately depend upon as a first line of defense, hosting their critical applications and data.

It isn’t new technology and it doesn’t generate much excitement. But rest assured, making sure the lights stay on might save you and your company many thousands of pounds per minute. Now that’s a powerful thought.

A Culture Of Security Survival

In the last week we have heard that 57 million personal records were stolen from Uber by two hackers. Alone, this made good headlines and an interesting story to read about, assuming it didn’t directly affect you or your company.