Last week I talked about educating your workforce with cyber security skills. This week I draw your attention to ensuring the security of your networked devices, services & protocols.
Addressing these threats requires security skill and expertise in a ‘real-world’ capacity: employing the tools, methods & mindset that cyber-criminals themselves use to steal data, in order to identify and secure ‘exploitable’ outdated or unpatched systems.
The scope of cyber-security consultancy, much like the threats it aims to protect against, includes business organisations of all sizes. Cyber-criminals have become increasingly aware that small and medium-sized enterprises, though potentially less lucrative, are typically more at risk of exploitation through systems that have been infrequently managed and updated.
Conducting an effective range of audits as a Penetration Tester requires concise planning and communication between the consultant and client in order to establish a ‘test scope’. An agreed scope outlines the areas of a system and the procedures that can be tested, as well as the associated legal constraints.
This initial communication, often referred to as the ‘Pre-Engagement’, is one of six essential stages recommended within the Penetration Testing Execution Standard (PTES), a guideline that governs the full scope of a security audit, right up to the ‘exploitation’ or testing of systems in order to attempt to ‘break into’ or gain access to sensitive data within the client’s infrastructure.
Please ensure that you always engage trusted experts in this very specialist area of IT. The importance of employing certified cyber expertise cannot be overstated.