, the fast-growing cyber security services provider and a CREST member company, is warning organisations that failure to conduct penetration testing can result in their networks being easily exploited by cyber criminals.
In a dedicated pen testing webinar Geraint Williams, QSA and Senior Consultant at IT Governance, stressed the importance of penetration testing for safeguarding organisational data.
Geraint said, “With the increasing complexity of website and network software, more security holes are being introduced. Security researchers are publishing information on vulnerabilities they discover. Announcements about exploitable vulnerabilities are often made public knowledge before systems are patched, which allows people with malicious intentions to exploit these weaknesses.
“Organisations are at a significant risk from attacks through automated botnets and automated scanning tools that test the ‘attack surface’ to see if there are any vulnerabilities that can be exploited. Any successful attack will incur significant remediation costs, loss of productivity and reputational damage. ‘Not testing’ could be a very costly process.”
Apart from ensuring better protection of an organisation’s information assets, penetration testing brings other tangible benefits including:
Demonstrating regulatory compliance.
Showing due diligence in protecting information.
Providing assurance that controls are being implemented effectively.
IT Governance offers a series of fixed-price, consultant-driven penetration tests (Level 1) that are aimed at testing specific vulnerabilities within a predetermined scope which an organisation could be exposed to. These tests are: