Penetration testing: How you can manage it the easy way

20 Feb 17

Why should I get a penetration test?

The simple answer is to provide assurance that your IT infrastructure (websites, remote access, mobile devices, internal systems, client data) isn’t vulnerable or can’t be easily attacked or exploited.

Penetration testing is like crash testing in the automotive industry, and it should be carried out by an independent body. You wouldn’t trust a car maker to say that “everything is fine and this has passed our tests with flying colours”.

When should I get a penetration test?

Regular testing (at least yearly) provides a very good insight into your IT systems and overall IT processes (patching, documentation, outsourced provider capabilities) from an IT security perspective.

What will it cost?

Typically most engagements (website review, internal systems review, privacy or outsourced provider reviews) can be done in under a week (onsite). Budgets are typically around the $8 to $10k range.

What will I receive?

A comprehensive written report which outlines (in business language) what testing was undertaken and what the results mean. This will include comments around what risks or reputational losses could be caused by any of the vulnerabilities identified.

A good security company would follow this up with an onsite client meeting so that the business understands clearly what is contained within the report. 

Technical audiences will appreciate that we include screenshots and full reproduction techniques in our reports, which provide for confirmation and easy remediation (retesting) of any issues identified.

What happens if I do nothing?

Security testing is like insurance: you might get away without it for a small period of time, but sooner or later the hackers and automated Internet scanners will find your weak links.

These may be exploited and cause reputational and financial losses to your business. Worst case is you will be in the newspaper or online media having to defend why you did nothing.

Keen to find out more? Lateral IT Security can help you with your penetration testing. 
