Would you pay someone to break into your office to test your security system? Do you crash your car to check the airbag operation? How about that parachute before you jump from a perfectly good airplane? Birth control? Did Tarzan check all those vines before he jumped to the next one and started swinging?
These questions are not dissimilar to the ones raised by security and penetration testing for your business. Organizations that have let their security maintenance lapse, especially with regard to patch and replace protocols, are the ones most affected by ongoing attacks, or a ‘hack’.
During the first half of 2017, the UAE averted 561 cyber-attacks on both public and private websites, according to DEWA’s CEO.
Saeed Mohammed Al Tayer, MD and CEO of Dubai Electricity and Water Authority, disclosed this during his opening address at the Enterprise Risk Management (ERM) conference. He added that the computer emergency readiness team at the Telecommunications Regulatory Authority (TRA) stopped the attacks in the first half, which accounted for 53% of the total attacks in 2016.
“This reflects the high frequency of hacking attempts on public and private websites,” he said.
Of the 561 cyber-attacks, 284 were made on government and semi-government websites and 277 on private-sector websites.
How can I defend my business?
Regular updates as part of an annual maintenance agreement, following best practice in ‘patch and replace’ protocols, are one important step. In the short term, careful planning and good security basics, like using VPN and SSL, will keep your data safe until you can get your devices patched and updated.
Security consists of protection, detection and response, and you need all three to have good security. Before you can do a good job with any of these, you have to assess your security. Done right, penetration testing is a key component of a security assessment.
There are a lot of different ways that penetration testing is described, conducted and marketed. Often confused with conducting a “vulnerability scan”, “compliance audit” or “security assessment”, penetration testing stands apart from these efforts in a few critical ways: