A small business guide to penetration testing

By rotide
Created 19/07/2018 - 14:20

Sponsored Post

The number of cyber criminals and hackers is greater than ever before, and attacks are getting very sophisticated. For a small business this can be extremely worrying, as just one data breach [1] has the potential to threaten the ongoing existence of the company.

One of the forms of IT security that many businesses, both large and small, now utilise to help identify and address risks is ethical hacking. In ethical hacking, professional cyber security experts attempt to safely compromise a company's computer system, but then provide details about what they did and how they were able to do it. This can be enormously valuable as the business can then make changes to its IT security to keep out real-life bad guys.

Small businesses can benefit significantly from high quality pen testing, so if you are interested in learning more, please read our easy-to-follow guide.

What does a penetration test involve?

During a pen test, a single cyber security professional or a team of specialists will attempt to breach [2] your business' network, systems and applications, in order to identify hidden security vulnerabilities. In effect they will do exactly what a real criminal hacker would do if they were trying to break into your systems in real life.

In an ideal situation, as few people as possible should know that the penetration test is being carried out so that you can simulate an attack that is as close to the real thing as possible. Not only will this show you whether hackers would be able to get into your systems if they wanted to, but it can also reveal how your staff would respond to an attack.

Once the test is complete, the testers will produce a written report detailing the vulnerabilities discovered, the assets they were able to gain access to on your system, and advice about what to do to address any identified weaknesses.

Why do small businesses need pen testing?

There are a number of reasons that small businesses should consider penetration testing. If you own a small business you might assume that you are not at risk due to your size. However, some hackers view small businesses as likely to have weaker defences, making them an easy target. Additionally, small businesses can sometimes be targeted as they can be used as a route to compromising a larger business. Small businesses will typically have smaller budgets and fewer resources for their IT department, so it is usually easier for a hacker to gain access to a small business' data and IT system than a large company.

If you do have a small business and your budget for cyber security is not enormous, it can be invaluable for you to understand exactly where your weaknesses lie so that you can invest time and money in ensuring you are as well protected as possible.

Who should carry out your pen testing?

Some companies assume that the best people to try to gain access to their system would be their own staff. After all, they are likely to be the people most knowledgeable about in-place systems. But according to specialists Redscan [3], the truth is that it is essential to employ a completely separate company or cyber security professional to run the pen test.

"With threats constantly evolving, it's recommended that every organisation commissions penetration testing at least once a year, but more frequently when:

• Making significant changes to company infrastructure

• Launching new products and services

• Undergoing a business merger or acquisition

• Preparing for compliance with data security standards

• Utilising and/or developing custom applications"

Penetration specialists, Redscan [4].

When the attempted breach is made from outside of your business, the specialists can approach it in a manner that a real hacker would - they won't already have an idea of the strengths and weaknesses of the system, they will simply try, within the remit of the test, to use any means necessary to break down your cyber defences. Choose a business with years of experience in penetration testing with a great reputation for overall cyber security.

Other aspects of ethical hacking

When you come to choose your penetration testers you need to ensure that they have a full understanding of the different aspects of ethical hacking [5]. A real hacker will not simply stop trying to break into your system if their initial approach doesn't work - they will use a variety of offensive tactics that could include phishing emails and advanced code injection techniques.

The best penetration tests will encompass a wide range of ethical hacking techniques and schemes, so don't settle for testers who aren't able to demonstrate a high level of knowledge.


Source URL:
https://www.newbusiness.co.uk/articles/it-advice/a-small-business-guide-penetration-testing