For a cybersecurity specialist, lockdown is not really a time for rest and relaxation, as it may be for other people. In a Zoom meeting I recently had with my testing teams, we were all mulling over the fact that cybercriminals are relentless! These guys don’t stop at anything, even during a pandemic. Penetration testing requirements, of late, have gone through the roof.
The rationale is the same for extended business holidays, like the end-of-the-year period: it’s far easier for someone to bypass system security during a lockdown because the levels of diligence are relatively lower.
Way before the pandemic, I was having a chat with a young business owner who had just started out. He had come to me for some friendly advice on cybersecurity guidelines for new companies. At one point, he asked me why penetration testing was so important and whether it was something he really needed.
Funnily enough, I used a doomsday example to illustrate the dangers of an idle office or workstation. I remember saying ‘If you need to lock up your office for some time, you need to make sure there’s not even the smallest chink through which cybercriminals can get in. The only way to make sure there’s not even the slightest security gap is through penetration testing.’
If you’ve been contemplating your own penetration testing requirements in light of the recent lockdown, here are a few things you need to consider.
There are many different types of penetration testing and what you should choose depends on what your needs are. While you may very well need all types of penetration testing, many clients come to us with specific penetration testing requirements in mind.
These requirements span testing of both the internal and external surfaces of a network, web and mobile application testing, network segmentation testing, and wireless testing, to name the main types of testing available.
Depending on what your needs are, a cybersecurity specialist team will ask for access to your systems, networks or applications and test these in an attempt to gain access the way a cybercriminal would. This allows them to identify any chinks in your armour that someone with more malicious intent can exploit. This process is referred to as ‘ethical hacking.’
Regardless of what your other penetration testing requirements are, one thing is for certain: You need a team who not only has knowledge and experience in this area but can also back it up.
CREST is an international accreditation that supports and affirms the value of the information security industry. Pen testing teams that are registered with CREST are able to guarantee a higher quality of service. At Triskele Labs, my team of specialists are CREST-registered security analysts and penetration testers and are CREST-certified when it comes to web application testing.
While assessing your penetration testing requirements, you should also think about your remediation strategy. While none of us likes to think about what would happen if our defences were breached, it’s important to have a plan in place to deal successfully with the aftermath of a cyberattack.
Fortunately, penetration testing helps you fine-tune the elements of your remediation strategy by giving you an understanding of what your main vulnerabilities are. Pen testing, while not a panacea for all your security problems, also allows us to investigate systems or applications that possess ineffective security controls when these are being considered as part of your remediation strategy.
Penetration testing is a very important element of your overall cybersecurity plans and strategies. Especially during periods of lockdown, these tests help you understand how cybercriminals may be gaining access to your systems and thereby prevent any breaches while you work from home, now or in the future.