Penetration Testing provides visibility into aggregations of misconfigurations or vulnerabilities that could lead to an attack. We first find vulnerabilities and then attempt to exploit them to move deeper into the enterprise infrastructure.
Comparing 2017 figures with 2018, there was a 350% increase in detected ransomware attacks and a 70% increase in detected spear-phishing attacks.
Hacktivist, criminal and nation-state hacking groups continue to learn techniques and methodologies from each other, which in turn leads to more sophisticated attacks. As cyber-attacks become more and more common in the modern economy, there are now very few organisations that do not have to consider the risk of being hacked.
Companies that are concerned about the risk of being hacked need a way to evaluate how exposed their assets are to hacking and the type of attacks they are likely to face.
The first step in understanding how exposed you are to cyber-attacks is to look for security vulnerabilities and then exploit them in a controlled way to understand the potential impact. By investigating your security vulnerabilities in a secure environment, you can begin to understand how to mitigate those vulnerabilities.
Application Penetration Testing attempts to exploit vulnerabilities and determine whether unauthorised access or other malicious activity is possible, benchmarked against the OWASP Top 10. Before the deployment and release of new applications, Penetration Testing is a critical component in any comprehensive release plan.
When new infrastructure is being deployed into your environment and is stable, a Penetration Test should be conducted before it is promoted into production. The test should consist of both manual and automated testing and should be conducted with the tester having both privileged and normal user access for the most benefit to your organisation.
Penetration Testing allows you to minimise the risk not only to your own business, but also to those suppliers who have a trust relationship with your technology. A company’s supply chain is now a key target for hackers seeking to circumvent your security through a trusted partner.
Organisations must be aware of which critical assets are at risk and be able to identify and mitigate complex security vulnerabilities before an attacker exploits them. By understanding how the most sophisticated attackers operate, based on intelligence gained, organisations can begin to attain realistic findings and recommendations for remediation and future protection.
We use the technical findings and their recommended remediation steps to consolidate our risk analysis into a report. Risks are scored using 6point6’s unique scoring scheme, which is based on CVSSv3 and our wealth of experience working in both the private and public sectors. This provides a uniform way to rank risks across diverse platforms and facilitates remediation planning.
The report will provide you with a detailed analysis of all findings for technical readers as well as a high-level executive summary, along with steps required to remediate any vulnerabilities and findings both now and for the future.
Operational Resilience is a vital part of protecting our financial institutions and their customers, and the regulators want you to do more. The Bank of England, the PRA and the FCA have coordinated their approach to ensure that the whole UK financial services landscape runs smoothly even when the challenges are increasingly demanding.
Plenty has been written about the £99.2m fine issued to the Marriott group by the Information Commissioner's Office (ICO) last year. As we all know by now, it was given to the hotel chain for its mishandling of a hack that led to the records of 383 million guests being compromised.