A “Pen” test in its simplest form is an audit of your network against known vulnerabilities and attacks that match your hardware and software. This audit is then put into a report which clearly shows what information is publicly available, what weaknesses can be attacked and, most importantly, how to repair, patch, prevent, and reduce the footprint for attacks.
A lot of new contracts, tenders, and work proposals now require evidence of regular pen tests, most commonly in the public sector and in legal/financial work, but in the last few years regular testing has become standard common sense for trying to prevent attacks, damage and loss of personal data.
A pen test alone does not stop or prevent attacks, but it gives you the information to build a better, more secure network.
There are many types of traffic that flow across your business, but a good line of defence is an Intrusion Detection System (IDS). This is a smart piece of software that sits inside your business looking at patterns in your traffic, and if anything falls outside that pattern it can trigger alerts or block the traffic.
An example of this: if your network traffic averages a certain amount and then one day large transfers happen, the system will flag this so that either staff can investigate or the traffic can simply be blocked.
Another example: if all of your data is usually within 1 – 2 countries and access is then suddenly detected from an unusual country, it can simply be blocked.
An IDS alone, again, will not stop hacks or breaches, but it becomes another line of defence for your business.
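The two IDS examples above (an unusually large transfer and access from an unusual country) can be sketched as baseline-and-deviation logic. This is an added illustration, not code from the original page or from any IDS product; the record format, the five-day baseline, the threshold `k` and the 10% floor on the spread are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

MB = 1_000_000
# Constructed sample records: (day, source country code, bytes). "ZZ" is a placeholder.
FLOWS = [
    ("2024-03-01", "GB", 410 * MB), ("2024-03-01", "IE", 90 * MB),
    ("2024-03-02", "GB", 430 * MB), ("2024-03-02", "IE", 90 * MB),
    ("2024-03-03", "GB", 400 * MB), ("2024-03-03", "IE", 80 * MB),
    ("2024-03-04", "GB", 420 * MB), ("2024-03-04", "IE", 90 * MB),
    ("2024-03-05", "GB", 400 * MB), ("2024-03-05", "IE", 90 * MB),
    ("2024-03-06", "GB", 415 * MB), ("2024-03-06", "IE", 90 * MB),
    ("2024-03-07", "GB", 4100 * MB), ("2024-03-07", "IE", 100 * MB),
    ("2024-03-08", "GB", 405 * MB), ("2024-03-08", "ZZ", 5 * MB),
]


def detect(flows, baseline_days=5, k=3.0):
    """Learn a baseline from the first `baseline_days` days, then flag later days."""
    volume = defaultdict(int)      # day -> total bytes
    countries = defaultdict(set)   # day -> countries seen
    for day, country, nbytes in flows:
        volume[day] += nbytes
        countries[day].add(country)

    days = sorted(volume)
    train, watch = days[:baseline_days], days[baseline_days:]
    if len(train) < baseline_days:
        raise ValueError("not enough history to build a baseline")

    mu = mean(volume[d] for d in train)
    # Floor the spread at 10% of the mean so a very flat baseline
    # does not turn ordinary day-to-day variation into alerts.
    sigma = max(pstdev(volume[d] for d in train), 0.10 * mu)
    limit = mu + k * sigma
    usual = set().union(*(countries[d] for d in train))

    alerts = []
    for d in watch:
        if volume[d] > limit:
            alerts.append((d, "volume", volume[d]))
        for c in sorted(countries[d] - usual):
            alerts.append((d, "country", c))
    return alerts

if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```

Alerting days are never folded back into the baseline here, so one large transfer does not raise the limit for the days that follow.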
The most common way into a network is through the staff: from clicking on malicious emails, to using unauthorised devices like USB/DVDs, visiting dangerous websites and, believe it or not, simply talking and giving away information that can compromise or fully breach a network.
Staff should not be reprimanded for not knowing the most up-to-date tactics of hackers; they have other priorities in doing their main jobs. One of the biggest steps a business can take is to educate its staff against the methods commonly used. This can be done anywhere from a few times a year up to weekly/monthly, through anything from group talks to emails. Keep it simple, concise and relevant.
Education and knowledge are some of the most powerful tools your staff and business can ever have.