Cybersecurity is a critical component in the protection of computer systems, networks and access to information security.  The apps we use on our phones and the many services we share our email with to sign up for subscriptions are examples of targets for criminals. Putting your information only into trusted sources is always a good idea, but how do we know the answer to the question: “Is my data secure?”  One effective method used by many organizations  is Penetration Testing (Pen Test) Pen Tests are a very widely used method in the Cybersecurity field that tests the security framework of an organization’s computer systems and networking.  Other methods usually involve making a wish and a large amount of sand (to bury their head in)!

What Is Penetration Testing?

Penetration testing is when a third-party organization is authorized to attempt to breach all aspects of a company’s security framework. In doing so, these third parties attempt to discover what backdoors, vulnerabilities, or unprotected points of intrusion they can identify. This is done using a variety of tools and methods that assist the ethical hacker in gaining different pieces of information that can help identify different vulnerabilities or weak points in a web page to a database and even a Wi-Fi password.

Some methods of penetration tests are even targeted at specific end users such as administrators and even accounts payable clerks.  These methods usually utilize some kind of “dark web scan” for their email address and known passwords.  They also can include simple social media reviews of Facebook, Twitter, Linked-In and even Instagram accounts.  This is usually done in order to gain knowledge of the end users’ position, access levels, or even their dog’s name to attempt to reset their password online.

Why Do We Need Penetration Tests?

For many organizations, a penetration test is required for compliance with a state or federal  contract.   Many insurance companies also require disclosure of when your last test was conducted and the results of said test before they will even quote you on Cybersecurity Insurance.  It is recommended that penetration tests be performed at least once a year for all organizations regardless of size.  

Concensus Recommendations for Penetration Tests (Is there a call to action)

Concensus suggests that you perform a Penetration Test at least once a year and combine it with a monthly vulnerability scan.  If you perform your monthly vulnerability scan and eliminate the vulnerabilities throughout the year, the chances of passing your Penetration Test is exponentially higher (as most Pen Tests will also include a vulnerability scan).  

You should also always use a third party to perform the penetration test, as this will lead to a truly unbiased examination of potential entry points for cyber criminals. 

If you or your company are interested in learning more about the benefits of penetration tests, or you’re looking to schedule one, contact Concensus today and one of our cybersecurity experts will be in touch. 

Research

Put any links to articles etc. here for the marketing team to read up on as they are converting this document into a blog post.

https://phoenixnap.com/blog/best-penetration-testing-tools

https://securitytrails.com/blog/the-social-engineering-toolkit

https://www.computerweekly.com/photostory/2240160133/Nine-must-have-OSINT-tools/8/7-Social-Engineer-Toolkit