Skip to main content

Penetration Testing vs. Vulnerability Testing Your Business Network



Hearing "all of your confidential information is extremely vulnerable, we know this because..." is bad news, but whatever follows the ellipses determines just how bad. Consider two scenarios.
  1. "All of your confidential information is extremely vulnerable... we know this because a hacker took all of your customers’ credit card info and locked all of your files behind ransomware."
  2. "All of your confidential information is extremely vulnerable...we know this because we did a vulnerability scan of your network, and have some suggestions on how you can improve." 61% percent of small businesses are victimized by cyber attacks each year, and one in five victims do not survive. It is financially worthwhile to make sure that you end up being the person hearing the latter sentence.
Scenario 2 describes the statement after you have had a vulnerability test conducted. A vulnerability test is a comprehensive audit of security flaws that a hacker could exploit, and the possible consequences. This is the equivalent of a doctor giving a physical examination. This information will allow you to know what your risks are and plan your security policies accordingly.

Vulnerability tests should be conducted quarterly, and can be done by in-house IT or outside consultants.They should be done quarterly, or whenever you are incorporating new equipment into your IT network.

What is a pen-test: A pen-test is a simulated attack on a network to test the strength of its security. Usually, the pen-tester will have a specific objective (e.g. “compromise this piece of data...) A vulnerability scan tells you “what are my weaknesses?” and pen­test tells you “how bad a specific weakness is.”

How often should you pen-test: Different Industries will have different government mandated requirements for pen­testing. One of the more broad reaching regulations, the PCI DSS, for example, requires pen-testing on an annual basis. However, it is prudent to go beyond the legalminimum. You should also conduct a pen-test every time you have
  • Added new network infrastructure or applications,
  • Made significant upgrades or
  • Modifications to infrastructure or applications,
  • Established new office locations,
  • Applied a security patch
  • Modified end user policies.

Comments

Post a Comment

Popular posts from this blog

Leave virus protection to your MSP Doctor

Leave virus protection to your MSP Doctor Cyberattacks on individuals and businesses for nasty purposes is nothing new. Stealing data, disrupting business, national activities, and just causing general mayhem has been going on for as long as there has been a digital world to attack. Ransomware, however, seems to stand out as a particularly unique and especially troublesome form of crime. For one thing, once an attack has happened, there is likely nothing to do to retrieve your data until you have given in to the demands of the criminals. As a small- to medium- sized business owner, you should never just rely on off-the shelf virus protection programs as the sole tool to protect your organization against cyber crime. In all cases you should rely on an IT professional to look at every aspect of your IT infrastructure to ensure that everything possible is being done to protect your data. Beyond that, ransomware attacks are a particularly troublesome form of crime that requires special...
Post a Comment
Read more

Stars of the show: Cloud and VOIP

Stars of the show: Cloud and VOIP Despite annoying challenges presented by the abrupt shift to the WFH model thanks to the pandemic, there were some tech heroes that saved the day. These two made WFH possible. The cloud The cloud is that platform whereby you outsource your data storage as well as many of your applications. With the cloud, your data and software applications are no longer physically located in a specific geographic location. Therefore, access is no longer tethered to a user's physical location. The cloud was the biggest game changer during the pandemic because it allowed businesses to get anytime, anywhere access to their data as well as critical applications. It wouldn’t be wrong to say that if it weren’t for the cloud, a lot of businesses wouldn’t have been able to survive the pandemic at all. VoIP Along with the cloud, VOIP proved to be one of the most critical elements when it came to business continuity during this pandemic. It revolutionized business commu...
Post a Comment
Read more

Outsourcing: an overview

Outsourcing: an overview Outsourcing today simply involves using external entities to handle specific, specialized business functions so that organizations can focus on their core competencies. The idea of seeking outside support for areas that are not core to a business is many decades old. However, seeking support from external providers can make a lot of sense, especially in fields that involve considerable complexity. One example, as human resources becomes increasingly complex practice, especially in areas that involve often complex and arcane laws such as benefits and employment law, many smaller companies are increasingly outsourcing some or all of their HR tasks. IT is another example. Like human resources, IT covers a wide range of specialties, for which no one or two individuals can possibly hope to be fully versed in. As the CEO of a small- to medium-sized firm, or perhaps a line manager, why should you consider outsourcing all or part of the IT function? One immediate rea...
Post a Comment
Read more