Why should I get a penetration test?

The simple answer is to provide assurance that your IT infrastructure (websites, remote access, mobile devices, internal systems, client data) isn't vulnerable or can't be easily attacked or exploited.

Penetration testing is like crash testing in the automotive industry and it should be carried out by an independent body. You wouldn't trust a car maker to say that “everything is fine” and this has passed our tests with flying colours.

When should I get a penetration test?

Regular testing (at least yearly) provides a very good insight into your IT systems and overall IT processes (patching, documentation, outsourced provider capabilities) from an IT security perspective.

What will it cost?

Typically most engagements (website review, internal systems review, privacy or outsourced provider reviews) can be done in under a week (onsite). Budgets are typically around the $8 to $10k range.

What will I receive?

A comprehensive written report which outlines (in business language) what testing was undertaken and what the results mean.  This will include comments around what risks or reputational losses could be caused by any of the vulnerability's identified.

A good security company would follow this up with an onsite client meeting so that the business understands clearly what is contained within the report.

Technical audiences will appreciate that we include screenshots and full reproduction techniques in our reports which provides for confirmation and easy remediation (retesting) of any issues identified.

What happens if I do nothing?

Security testing is like insurance, you might get away without it for a small period of time however sooner or later the hackers and automated Internet scanners will find your weak links.

These may be exploited and cause reputational and financial losses to your business. Worst case is you will be in the newspaper or online media having to defend why you did nothing.