Cyber-crime costs UK businesses up to £22 bn each year (source: The Cost of Cybercrime, the Cabinet Office). The number of cyber-attacks is also increasing year on year, and both small and larger businesses are being targeted by criminals for their sensitive data and supplier and client information.
Penetration testing is the key step to ensuring your personnel, network, systems, software and data are regularly proof tested against hacking, or indeed interference by competitors or those simply out to cause trouble. A penetration tester (or ‘pen tester’ or ‘ethical hacker’) is an individual who systematically tests the security of your various business systems through a variety of different processes.
Most small and medium businesses are easily hacked and therefore vulnerable to cyber-attack as their security systems are weak, their cyber security budget is too small, or they have poor management buy in. Penetration testing will confirm where the weaknesses lie and will allow experts to be in a position to plug the gaps.
Penetration testing, as well as covering your computer and network based activities, also examines the contribution that owners, executive officers and employees make towards your secure operations. Are your managers, executives and employees sufficiently risk averse? Routinely protecting passwords, filing sensitive information securely and restricting unauthorised access to workplaces, data and programmes are all key to safeguarding the security and reputation of your company and their customers
Are your systems handling client sensitive data, in particular payment card information? If so, you need to undertake a repeated series of system penetration tests to illuminate any shortcomings in networks and systems that otherwise seem to be holding sensitive data securely.
Are you routinely considering the risk of importing malware and other programmes designed to interfere with your secure operations? Now is the time to consider what may seem to be the doomsday scenario of a computer system collapse and put some penetration testing in hand. A successful series of penetration tests will also enable you to obtain insurance against cyber- attack at a reasonable premium.
THE 2-SEC DIFFERENCE
At 2-sec we have a number of expert professional pen testers who are able to carry out the several main types of test that reflect the different ways that your information-handling systems may be vulnerable to attack:
- Network Penetration Testing
- Application Penetration Testing
- Website Penetration Testing
- Physical Penetration Testing
- G-Cloud Penetration Testing
- Social Engineering
If you have just started researching penetration testing companies, you will be aware that there are lots of options – from a simple automated pentesting software scan right through to a full-scale bespoke information security audit and consultancy. 2-sec is one of the leading companies to provide penetration testing to companies in Europe and beyond. 2-sec’s strengths include:
Understanding a Client’s Business Processes
Unlike simple automated penetration testing, 2-sec ensures that their pen testers have the skills to be able to understand a client’s real world business processes. This involves a review of all the computer, network and human systems from the perspective of the cyber attacker and how any attacks will affect a business processes, staff, stakeholders and a company’s reputation.
Effective Communication Skills
Penetration Testing is a very complex subject, and one of the main issues the industry faces is communicating possible threats and security advice to a client so that they understand the advice and necessary actions. Many pen testers are excellent at technical aspects but have poor communication skills, and the inability to explain technical problems to non-IT literate individuals. Here at 2-sec, our pen testers have the expertise and real world understanding to communicate effectively with pragmatic and practical advice to any level of management or employee.
State of the Art Industry Knowledge
Ethical hacking is a very fast moving industry, and new attack methods are continually being developed by cyber-attackers against different types of targets and systems. It is extremely important that pen testers remain abreast of all new emergent knowledge. 2-sec penetration testers have the industry and ethical hacking contacts to be able to remain as up to date as possible. Our team is sought after as speakers on the “white-hat” conference and seminar timetable, and have advanced knowledge of the pen testing trade.
Michael Kemp, a 2-sec Senior Penetration Tester has over ten years of experience in security testing career and is one of few business-class penetration testers that can liaise effectively at an executive level. He is well aware of the possible vulnerabilities that may exist within many corporate systems.
“As well as identifying vulnerabilities in your systems, 2-sec creates detailed penetration testing reports that provides accurate and actionable advice on how to fix these problems. What makes our approach unique is that we also help you understand what business processes or deficient security controls led to these issues in the first place. Finding vulnerabilities is the first step, but actually communicating effectively with the client, and providing advice on how to protect their systems is one of the most important things that we can do – effective communication allows 2-sec to protect a company today and into the future.”
Robin Wood is a Senior Penetration Tester at 2-sec and is very active and respected within the ethical hacking industry. He has significant web application development experience, which means he can not only find flaws in applications fast, but can also liaise with developers and tell them how to fix them. He comments,
“It is important that pen testers have a finger on the pulse of the hacking community, to understand developing threats and new ways to exploit company vulnerabilities. Here at 2-sec, we ensure that we have the most up to date knowledge of accessibility, web site security and database development to ensure our clients’ systems are rigorously tested and all vulnerabilities identified. “
For more information on 2-sec’s penetration testing team and expertise please contact on 0844 502 2066 or email CEO Tim Holman on tim.holman@2-sec.com