Even a single occurrence of compromised customer data can destroy an organisations brand and negatively impact its profitability. Penetration testing helps an organisation to avoid data breaches and compromise that lead to commercial and reputational loss.
Penetration testing identifies security holes in a network that a potential attacker could breach. Once found, remedial action can be taken to close those vulnerabilities before an attacker can exploit them.
CSA use a methodical approach, the latest toolsets and hacking methodologies to test the defences of specific applications, servers, routers, networks and other, within scope systems, looking for a potential foothold. The foothold is then exploited to see how far the network can be penetrated. Every vulnerability found is documented with recommendations on how to address the issues to mitigate the future risk.
Scope of penetration testing projects:
White Box – customer provides passwords, usernames, IP ranges and full network access. This simulates an attack from someone who knows the business, perhaps a current or ex-employee.
Grey Box – customer provides access to the network across all sites for scanning and exploitation but not usernames and passwords. This simulates an attack from someone who has specific but limited knowledge of the business.
Black Box – customer provides website address and nothing else. This simulates an attack from an unknown assailant who initially knows nothing about the network they are attacking.
Secure networks cost money but not as much as the cost of addressing a successful attack. There are the physical costs and potential GDPR fines (up to 4% of turnover) as well as the cost of commercial and reputational damage.
The Payment Card Industry (PCI) Data Security Standard and other recent security recommendations require external security testing. Regular penetration testing is good practice for any organisation interested in information security. Contact us to discuss our discounted recurring penetration testing packages.