When Was Your Last Information Security Check Up?

Mar 29, 2016 10:00:00 AM

Mike Skinner


Maintaining information security today is, in many ways, similar to maintaining your personal health. Yearly check-ups and health screenings could detect a potential problem. If a problem is detected, more invasive procedures are performed to get a definitive diagnosis before laying out a treatment plan.

A similar process can be followed in cybersecurity. Traditionally, companies receive vulnerability scans which may or may not accurately detect a threat. Once a potential threat is detected, security professionals may conduct penetration testing to explore those threats to see if there is really anything there.

Smart organizations go beyond periodic automated scans to testing their systems with the highest levels of advanced penetration testing. This has the potential to identify vulnerabilities that can be remediated before a breach.

Like exploratory surgery, advanced penetration testing uses the skill and experience of a professional team, not a scripted tool, to identify and verify vulnerabilities in an organization that can lead to a compromise by a real attacker. Although this might sound like the same goal as annual scanning, the difference lies in its complexity and level of verification.

When penetration testing is performed by humans emulating the persistent, aggressive actions of true attackers, the results far exceed what most of today’s vulnerability scans and assessments provide.

Consider our healthcare analogy. If a doctor is sick, he or she will typically see another doctor to be treated. To ensure objective diagnosis and effective treatment based on specialized experience, “being your own doctor” simply is not advisable.

Similarly, in cybersecurity, it is important to have a third party conducting your penetration tests. It is extremely difficult to effectively explore vulnerabilities within an organization’s own deployments, as most IT staff lack the focused specialization of full-time cyber operations professionals, and may not have the level of detachment and objectivity needed to effectively test every potential vulnerability.

At HORNE Cyber, our penetration testing is driven by an elite team of hackers. Our team understands security at the highest level. We specialize in conducting a fully hands-on test, simulating the advanced persistent threat, analogous to the invasive procedures a doctor might use to fully examine an ill patient, head to toe. We use a hacker’s mentality to identify risks, uncover vulnerabilities others may miss and then guide organizations to determine the best next steps to protect the health of their organization from the threat of cyber crime.

How are you protecting your organization from cyber attacks? As cyber attacks become more sophisticated, it is imperative to start thinking beyond a simple scan, to a full invasive procedure.

 


THIS POST WAS WRITTEN BY Mike Skinner

Mike is the partner in charge for HORNE Cyber. His primary focus is to enable clients to fully leverage technology innovations by providing the insights critical to safeguarding their business, customers’ critical data and brand reputation. He is responsible for information technology audit, regulatory compliance, information security consulting, internal control consulting and business solution implementation.
