Don't worry. It doesn't hurt! A penetration test (regularly referred to as a 'pentest' - although no pens are involved) is a form of cyber security assessment conducted by a trusted security professional (or team of professionals). Organizations will arrange a pentest to get a sense of the security posture of the business or solutions offered by the business.
The theory is simple: engage the 'good guys' to do exactly what the 'bad guys' do, in the hope of finding and fixing problems before our more nefarious friends have a chance to cause us grief. A pentest will give the organization a simple view of where their weaknesses are, a professional opinion on severity and impact, and steps to remediate or mitigate these issues.
So why might a pentest be a good idea for your business? Some cyber security professionals joke that companies are getting pentests all the time; the only difference is that if you're not paying, you're not getting the report! By this, they mean that, for example, your website is under constant attack and may have already been compromised, but since the attacker isn't on your payroll, they're not likely to let you know.
I've had the privilege of performing penetration tests for major financial institutions, IT companies, civil engineering giants and even law enforcement agencies. You'd be amazed how simple mistakes can leave the door open for hackers to cause havoc. By finding and highlighting these issues, these organizations have been able to close the door on these attacks.
The scope of a pentest engagement can vary a great deal: perhaps you just want your web site tested; other times, the aim might be to test your internal IT systems. In rare cases, it may also include a physical component to test how well your offices are protected against physical threats. We all rely on our IT and online systems, so perhaps it might make sense for you to arrange a pentest soon and make sure that things are as well protected as we think they are.