Penetration testing is a must

With the digital war now at the doorstep of the enterprise, IT managers are realising the need for a proactive approach to battling the ever-intensifying wave of attacks.

By Nicolai Solling, director of technology services, Help AG. Published February 24, 2014

Security technologies such as antivirus, firewalls and Web gateways remain an obvious first line of defence, but investment in new areas, no matter how earnest the attempt, will inevitably be hampered unless IT teams understand the loopholes in their security infrastructures.

In the Middle East, many of the successful attacks carried out by organisations such as the Syrian Cyberarmy and Anonymous have loosely defined structures. With their widespread networks of hackers of varying skill sets, the methodology of these attacks is difficult for any security organisation to predict. While having the best security system is vital to a hardened infrastructure, assessing the solution’s practicality is what most regional organisations fail to accomplish. Attacks are inevitable and, now more than ever, there is a need for insight beyond the obvious.

Penetration testing, commonly called ‘pen testing’, involves simulating attacks on an IT environment to identify the ways in which a would-be hacker would attack it. It helps identify the risks an organisation is exposed to and allows IT teams to take the correct steps to bolster network defences and robustness against a wide variety of attacks. Perhaps the main advantage of penetration testing is that it gives customers a very clear understanding of where they stand from a security perspective and helps clearly identify where investments must be made and changes performed.

When preparing to pitch a penetration test in the boardroom, however, there are some common misgivings a CIO must be ready to address.

Perceived risks

Simply put, no organisation wants to ‘air its dirty laundry’, and trusting a third-party provider with uncovering vulnerabilities can be something of a hard sell. Organisations must, however, realise that professional service providers operate under strict, full non-disclosure agreements (NDAs), meaning that there will be no mention of the engagement and no sharing of the results of such an undertaking, either internally or externally.
