Penetration testing – also known as pen testing or ethical hacking – may seem a bit of a weird concept; after all, we get enough threats from the outside world, why should we hack ourselves? But there’s a method to our madness, and it’s a madness that more people should be getting on board with!
Every hour there are around 1000 cyber-attacks on British businesses. You might be thinking ‘that would never happen to me’, but attackers don’t discriminate: no matter what shape or size, your business will still have something of value to them. With all the security scares in the news recently, it’s becoming clear that solutions shouldn’t be left vulnerable, yet so many organisations aren’t aware that they’re extremely hackable; and pen testing is a great way of putting yourself a step ahead.
What is a pen test?
Very simply, penetration testing is hacking yourself (or a security company hacking you for you). It’s like going for a full-body health scan and finding out your weak spots before you get sick, so you can get it fixed up before your body is attacked by a virus. That way, once you know where you’re most easily attacked, you can pre-empt hackers and protect yourself before they spot your weaknesses.
How does it work?
There are two stages of testing. First up is the vulnerability scan, which sees (surprisingly) how vulnerable you are, exposing potential holes – like dodgy code – that hackers could use to get into your system. The scan’s carried out with powerful tools and assesses where the vulnerabilities are, and how risky it could be if you were hit there.
Then comes the pen test itself, which involves trying to break in and access the data through these vulnerabilities. There are two options: infrastructure testing, and website application testing.
There are lots of reasons to have a pen test, including:
Compliance – if you need to prove that you’re safe for industry standards
Testing your incident response team – make sure your team are on the ball
Generally being proactive – have ya seen all the threats out there? Have you??
Adding value to your service – whether you’re a developer handing over a site to a client, or a business wanting to prove to clients that you’re safe, it adds reassurance.
What should I do next?
Find a pen testing service and get testing! One option is going with your hosting provider as you know they’re happy to deal with the additional traffic that the test will bring, and you’re already integrated into their service; but the main thing is to find a company that you trust.
We’re offering free vulnerability scans for all UKFast clients through Secarma, a division of UKFast, as part of BASEfund, a £1m investment to keep businesses safe online and help them grow.
Get in touch to discuss your penetration test on 0208 045 4945 or contact your account manager.