
Have You Been Tested?

Posted by Robert Smallcombe

Give a monkey a typewriter, enough time and you will get the works of Shakespeare.

Give a hacker a laptop, enough time and you will get your IT systems compromised.

Looking at the above two statements, you would get rather long odds on anyone denying the probabilities at play. Yet, in the same vein, IT managers haven’t invested money to ensure that they are beating any hacker to the punch and receiving an in-depth view of any threats or vulnerabilities they face. Instead, such things are left to chance whilst managers look the other way.

Ethical hacking, or penetration testing, as the name suggests, involves some rather intrusive and potentially painful examination. Depending on requirements, the tests can be broken down into three main categories, each with varying levels of risk and complexity.

External Network Infrastructure Testing:

  • This assessment provides an understanding of an organisation’s risk from an internet-based attack on its public-facing infrastructure.

Internal Network Infrastructure Testing:

  • This assessment aims to identify any risks an organisation will face from an internal threat actor, be that a malicious employee or an accidental malware download by an employee.

Specific Application Testing:

  • This approach takes a deep dive into any custom or in-house developed applications, internally or externally facing, and provides a report on the threats or vulnerabilities that could pose a risk to the organisation.

GDPR has brought penetration testing into particularly sharp focus, providing business leaders with a compelling reason to evidence that they are indeed completing their own due diligence on their IT systems and networks. For instance, Article 35 mandates that a Data Protection Impact Assessment (DPIA) is carried out when the “processing of data is likely to result in a high risk to the rights and freedoms of natural persons”.

Penetration testing, then, is a valuable tool, not only in providing quick wins through outlining actionable steps to mitigate risk but also in showcasing a positive approach to data security and regulatory requirements.

To find out more about how penetration testing could help your business, visit: www.arcturussecurity.com