Penetration Testing – Where Hired Hackers Do Bad Things for Good Reasons

(GuestPost) There is a certain connotation surrounding hackers that pretty much boils down to ‘hackers are bad’. Hackers break into your business’s security system, extract important data and then exploit that data, very often these days for a Bitcoin payment. Your business is put at risk, sensitive information is lost, and a host of problems follow – it’s not hard to see why hackers have achieved a pretty bad reputation.

That’s the whole story, right? Case closed. Well… not quite.

Hacking is more of a case of good vs evil. Sure, there are hackers out there who are trying to steal data from your system. However, there are also hackers out there who want to look after your data, and in turn, protect your customers. In fact, many people make a career out of hacking for the good side, not just the bad side.

The general perception of hackers could not be more wrong. Hackers come from all walks of life; they could have been chefs or college students, pretty much any professional occupation you can think of. Hired hackers, more commonly referred to as ethical hackers, have made a profession out of testing business security to prevent exploits, and this all starts with penetration testing.

Why Are Penetration Tests So Important?

While the perception of hacking may sit more on the bad side, good hackers are an essential part of comprehensive business security. You would never send a product or service to market without thorough safety checks, and the same goes for business security. Building the product is not enough; you need to see how it stands up when it’s actually tested and put to use.

In 2016 alone, nearly half of the businesses in the UK were targeted by cyber-attacks, many of which resulted in a breach of their systems. By simulating such an attack before it happens, your business is being proactive in the face of a threat that continues to grow as technology develops. The systems you put in place last year may not be enough to deter hackers this year.

One of the best ways to defend against the possibility of a breach is to use a service that knows how to replicate such an attack in a safe and controlled way. This means that you can see for yourself how capable your ‘defenders’ are at protecting your company’s valuable data.

Read this article by Fidus info security to see what to look out for in an effective penetration test.


Keeping Your Business Data Safe

Ethical hacking and penetration testing turn the classical stereotype of a hacker on its head. Many hired hackers are certified, follow a public code of ethics, and always provide extensive reports on what they find, what they think needs to be done, and where the system is lacking the most defence.

Like any IT professional you hire to look after your systems, a penetration tester looks after your system, but from the outside. However, there is one big constraint that many businesses don’t factor in – time. A time-limited test focuses on certain elements, but unlike real attackers, hired hackers don’t have all the time in the world to break into your system. This means that regular maintenance is essential.

If you want a secure system, then hiring someone to break into it is the only way to truly assess whether or not you’re going to be able to keep the bad hackers out.


A Breakdown of Penetration Testing

Pen testing, as it’s known in the business, is a process very similar to malicious hacking – only without the criminal intent. The purpose of pen testing is to assess whether or not your business has adequate security in place to stop hackers from accessing your systems and retrieving information that they can later exploit for payment.

The big difference is that your business hires these testers. You formulate a plan together, decide where, when, and how the test is going to commence, and receive a fully documented report of the true state of your business’s security system. At the very start of the process, you draw up limitations, decide how thoroughly to test the system, and what elements of the system you want testing.

It’s kind of like a working test of what you have in place to deter hackers. If your hired pen tester can break through your security measures, locate exploitable data, and get back out, then you have a big problem with your network and security. If the tester can’t get through (a rare occurrence), then you gain the assurance that your security measures are good enough to keep your business’s data safe.

Andrew Mabbitt

My Guest:

Andrew Mabbitt is a cybersecurity expert at Fidus Information Security. As an ethical hacker, his job is to detect and rectify security vulnerabilities before malicious hackers do.
