Penetration testing: how to protect your business against cyber threats

What is penetration testing and how does it protect your business? Adam Boland of SES explores how penetration testing enables you to identify weaknesses in your organisation’s cyber security.

What is penetration testing?

Online attackers are constantly developing new threats and finding ways to breach their targets' defences. These attacks can cause your business serious damage and disruption.

Penetration testing involves highly trained security consultants attempting to breach your organisation’s security, using the same tools and techniques a malicious attacker would use, to expose any weaknesses that exist. Once these weaknesses have been identified, the next step is to provide advice and guidance on how to fix them and strengthen your security.

How does penetration testing work?

Penetration testing is performed in the same way an online attacker would operate: the tester attempts to discover and exploit weaknesses in your security that automated tools may not be able to identify. This manual testing is essential to validate the security of your organisation’s most important assets, such as forums or websites which require login details.

It’s recommended that organisations perform penetration testing every year, as well as after a major version change or upgrade, to ensure any weaknesses are identified and can be fixed before they are exploited. In addition, it’s recommended that regular ‘vulnerability assessments’ are performed to scan your systems for further vulnerabilities.

What can be tested with penetration testing?

Your organisation’s networks are not the only vulnerable part of your business. Security risks can be found in all aspects of your organisation, from the hardware you use to the processes you follow. As such, penetration testing includes:

  • infrastructure penetration testing – aims to identify weaknesses across your organisation's IT infrastructure that could expose you to risk
  • web application testing – examines public-facing and internal web applications
  • wireless testing – explores your organisation's wireless networks, access points and encryption
  • IT health check – an enhanced penetration test required by government departments, public sector bodies and organisations connected to government systems

What are the benefits of penetration testing?

There are many benefits to penetration testing, including:

  • protection – essential for organisations with a large web presence or remote access as there are many different attack vectors to exploit
  • manual testing techniques – used to demonstrate how a malicious individual would attempt to breach your organisation
  • comprehensive reporting – the comprehensive final report details the resilience of your existing defences and key areas of weakness for remediation
  • minimise your risk profile – regular testing helps minimise your risk profile and contributes greatly to the protection of your income, clients and reputation
  • security of personal data – with the introduction of GDPR, regular security testing is a good way of evidencing the security of personal data processed on IT networks

About the author

Adam Boland is an Account Director at SES and has 18 years’ experience protecting business continuity with Software Escrow and Cyber Security protection. SES protect over 2,500 Software Developers, IP Owners, Distributors and End Users in over 40 countries across the world.

Find out more

Penetration Testing (NCSC.GOV)

Publication date: 3 June 2021

Any opinion expressed in this article is that of the author and the author alone, and does not necessarily represent that of The Gazette.