Email: info@fc-llc.org

Penetration testing is a valuable proactive security measure

by Posted on December 3, 2019

What is security penetration testing

A security plan is only effective if it works in a real world situation. However, it doesn’t make sense to wait for a real threat to occur to find out how effective your security program is. A simulated penetration test assesses the effectiveness of your current security program and provides valuable perspective needed to enhance security.

What is a security penetration test?

Penetration tests are simulations carried out by security professionals to find and exploit flaws in a security program including security systems. Since they are simulations, they pose no actual threat to an organization’s assets. However, the professionals play the part of malicious threat actors by exploiting flaws in the security program to gain access to important organizational assets. The goal of a penetration test is to obtain deeper understanding of shortcomings and flaws within a security program. Some of an organizations vulnerability can only be found when the system is put to the test.

Even sophisticated security systems can fail when put to the test. It is better for a security system to fail during a simulation than for it to fail in real-world conditions. In 2003, the Antwerp Diamond Center saw firsthand how even the best system can fail if it is not properly tested[1]. The vault in the center was thought to be impregnable. It had a myriad of state of the art security features, including IR heat detectors, radars, seismic monitors, magnetic sensors, and a lock with more than 100 million possible combinations. The thieves used simple but ingenious methods to defeat the equipment.  A can of aerosol hairspray and a plastic sheet were used to disable the IR sensors and all cameras were covered up with electrical tape. For access to the vault, the thieves completely bypassed the sophisticated lock; the key was left out in the open. The thieves had free reign of the vault and were able to make off with more than $100 million in cash and diamonds. The vulnerabilities in the Diamond Center’s security could have been caught through the use of a penetration test. In this case, state of the art security equipment did not matter because someone left the key out. Oversights like this can negate even the best security in the world.

In a series of penetration tests in 2018, security professionals were able to successfully penetrate more than 90% of the organizations tested[2]. Of the sampled organizations, more than one in ten companies never had a penetration test conducted and had no idea whether their security systems were truly effective[3]. The threat landscape is constantly evolving and requires regular and proactive security reviews to mitigate risk.

Freedom Consulting LLC, offers comprehensive penetration testing services to organizations of all sizes. Our services are custom tailored to individual organizational risks and are not limited by industry. Our highly trained security professionals expose flaws in organizational security plans and provide remediation recommendations to more effectively protect what matters most to your organization. For more info or to schedule a consultation please visit this link or email us at info@freedomconsultingservices.org.

 

 

[1] https://www.osti.gov/servlets/purl/1115483

[2] https://www.ptsecurity.com/ww-en/analytics/corp-vulnerabilities-2019/#id2

[3] https://www.ixiacom.com/resources/penetration-testing-money-spent-still-vulnerable

 

Published by RW-Freedom