
Penetration testing: How you can manage it the easy way

20 Feb 2017

Why should I get a penetration test?

The simple answer is to provide assurance that your IT infrastructure (websites, remote access, mobile devices, internal systems, client data) isn’t vulnerable and can’t be easily attacked or exploited.

Penetration testing is like crash testing in the automotive industry, and it should be carried out by an independent body. You wouldn’t trust a car maker to say that “everything is fine and this has passed our tests with flying colours”.

When should I get a penetration test?

Regular testing (at least yearly) provides a very good insight into your IT systems and overall IT processes (patching, documentation, outsourced provider capabilities) from an IT security perspective.

What will it cost?

Typically most engagements (website review, internal systems review, privacy or outsourced provider reviews) can be done in under a week (onsite). Budgets are typically around the $8 to $10k range.

What will I receive?

A comprehensive written report which outlines (in business language) what testing was undertaken and what the results mean. This will include comments around what risks or reputational losses could be caused by any of the vulnerabilities identified.

A good security company would follow this up with an onsite client meeting so that the business understands clearly what is contained within the report. 

Technical audiences will appreciate that we include screenshots and full reproduction techniques in our reports, which provide for confirmation and easy remediation (retesting) of any issues identified.

What happens if I do nothing?

Security testing is like insurance: you might get away without it for a small period of time, but sooner or later the hackers and automated Internet scanners will find your weak links.

These may be exploited and cause reputational and financial losses to your business. Worst case is you will be in the newspaper or online media having to defend why you did nothing.

Keen to find out more? Lateral IT Security can help you with your penetration testing. 
