Firewalls and antivirus protection can only go so far. The Yahoo.com hack of over 3 million unique users shocked everyone. Macy’s, Delta, and even Best Buy fell similarly to hackers. It makes you wonder what you can do to protect your business from falling victim to these nefarious cyber criminals. The answer might be the cybersecurity expert within your own company.
What is Penetration Testing?
Penetration testing is not a compliance audit, security assessment, or vulnerability scan. Penetration testing goes beyond simply locating cybersecurity problems to analyzing them and comparing them to your specific organization’s vulnerability.
Forbes says, “A penetration test is designed to answer the question: ‘What is the real-world effectiveness of my existing security controls against an active, human, skilled attacker?’” Your security assessment may reveal you’re 100% compliant. Penetration testing reveals more.
Which Companies Need Penetration Testing?
You have an online presence. The small shoe store on the corner may have local customers as its base, but internet advertising may also have Mom and Pop shipping shoes internationally.
You need penetration testing to:
Assess the maximum amount of damage your company would suffer if attacked
Identify high-risk or almost-impossible-to-detect vulnerabilities
Meet compliance requirements of credit card companies for penetration testing (Payment Card Industry Data Security Standard/PCI DSS).
Provide evidence to management/investors of the need for additional security personnel
Reassure yourself that security is in place after system upgrades or changes
Test your current security protocols
And, finally (unfortunately), you may need penetration testing to:
Analyze “where we lost it” by examining vectors and determining which were compromised post-hack attack
How Much Does Penetration Testing Cost?
“The whole idea of penetration testing is a little strange when you think about it,” says CSO magazine. “You’re essentially paying a hacker/security engineer to break into your systems any way possible…”
If you thought “paying for protection” was something in the 1930s involving small stores and neighborhood thugs, guess what? It’s back. Your organization will have to pay to protect your information (and your customers’ information).
A penetration test (pentest) by LPTs (licensed penetration testers) needs to be part of your annual cybersecurity budget. Some companies believe cybercrime prevention alone is important enough to be 75% of a security budget. “For my money, a superior split would be 50 percent prevention, 30 percent detection and 20 percent business recovery,” says technical analyst Mark Sinclair.
Penetration testing can cost anywhere from $900 (as seen advertised on Google) to $4,000 and up. In many cases, $2,000 is a fair price. When you factor in some of the fines your company faces if you’re found to be security-noncompliant, the pentest is a good investment.
Don’t Wait for a Problem to Seek a Solution
Outsourcing penetration testing is costly but necessary. But what about hiring an in-house, onsite LPT? This security professional can add value to your business if you:
Frequently upgrade software and/or equipment. A company LPT can test your network every day.
Have mobile employees or any employees that use personal devices to access your company’s intranet or documents.
Manage sensitive information (medical material, client credit cards/home addresses).
Need a “malicious code” sweep more than once or twice a year.
Look at Your Team: You May Already Have LPT Potential
An organization’s ability to learn, and translate that learning into action rapidly is the ultimate competitive advantage. -Jack Welch, CEO
Your cybersecurity team is already in place. Why not utilize these professionals who have loyalty to your company and your brand? Building a strong employee base takes time, and you’ve invested that time. Now, you should invest in them.
ECSA/LPT Class, Infotec
Our Electronic Commerce-Council Certified Security Analyst/Licensed Penetration Tester class is one-of-a-kind. Because penetration testing involves real-world security, hands-on, real-world experience is a way for your employees to get intensive training. Ours is the only in-depth, advanced hacking and penetration testing class available that tests all current and legacy apps, infrastructures, and operating systems.
This course will teach your security professionals advanced LPT methodologies. They will learn ways to design, secure, and test networks to protect your business. As students learn to identify new-and-improved security problems, they can also learn how to avoid and eliminate them.
To find out about cybersecurity training for your employees, contact your Infotec training professional. We specialize in training, customized for your company.