29 July 2014
Whilst the news is full of warnings and cautionary tales of security breaches costing businesses their reputations (and thousands of pounds in fines), I think there’s something inherent in human nature that makes us think, “It won’t happen to me!” Yet current estimates suggest that Britain experiences 1,000 cyberattacks every hour! It’s arguably one of the biggest challenges faced by UK businesses – big and small – and often, people aren’t even aware that there are problems with their security in the first place. It’s like leaving a window wide open and going off to work day in, day out!
Some companies are making sure they haven’t left any windows or back doors open by using pen testing, which basically means hiring a cybersecurity expert to approach your IT infrastructure the way a hacker would. Without damaging anything, they find any vulnerabilities in the system and attempt to exploit them. If they can, a malicious hacker can too, so it’s better to be aware. Ignorance is definitely not bliss in this situation.
It’s tricky to keep on top of little flaws creeping in. A brand new server is like a blank sheet of paper. It’s secure. However, weak points get created when things are added to it. If you’re a company using third-party software, for example, and there’s an error in it, that error has been introduced to your server without your knowledge. Take the Heartbleed bug, which some vendors took weeks to patch! It’s just one way a site could become vulnerable even if it’s hosted on a secure network.
Getting a real person with expertise and imagination to simulate a real-life attack on your IT infrastructure is a proactive way to approach security. Hackers often go for the low-hanging fruit – organisations with little awareness of their own security structure. Pen testing pushes you further up the tree, away from the hackers shaking the branches, and into a much less precarious position.
If you’re a client of ours, we’re offering free vulnerability scans through Secarma, a division of UKFast. These scans are basically the first steps of a pen test and provide a good picture of where you stand.
Together, we can fight the threat that cybercrime poses to our businesses and our economy.