BLACKSWAN CYBER GROUP

What is a penetration test?

A penetration test, or “pentest,” is an authorized simulated cyberattack on a computer system or network to identify vulnerabilities and weaknesses in a system’s defenses. These tests are conducted by security professionals, who use ethical hacking techniques to find and exploit potential weaknesses before malicious actors can. The primary goal of a penetration test is to assess the security posture of a system or network by simulating real-world attacks.

Trust your security to the professionals. Certified, experienced, and trusted.
Book a free consultation with us to get the answers you need to decide.

The Industries We Serve and Why

Small Business

may be small, but they get the bragging rights to the hardest and most often hit industry segment. Small businesses feel they will not be a target of hackers; hackers beg to differ.

“43% of attacks target small businesses” (source: PurpleSec)

Energy

is vital to our economy. It is also a prime target for adversaries, as one major system shutdown involving an oil or gas plant or a bulk power plant such as nuclear, weathervane or hydro dam can spell disaster.

“77% of U.S. energy companies are vulnerable to ransomware attacks via leaked passwords” (source: Houston Chronicle)

Technology

sector is often the ground zero for cyber attacks. Valuable technology, trade secrets, patents and the willingness to adopt new technologies make this sector a soft target for adversaries.

“Technology became the most attacked industry for the first time, accounting for 25% of all attacks (up from 17%). Over half of attacks aimed at this sector were application-specific (31%) and DoS/DDoS (25%) attacks, as well as an increase in weaponisation of IoT attacks” (source: securitybrief.asia)

Manufacturing

is an industry that is underprepared for attacks. The lack of resources and of adoption of security technologies has this industry trailing behind most others. This is alarming considering the importance of this segment to the economy.

“Attacks on manufacturing companies around the world rose 300% in 2021” according to the Global Threat Intelligence Report

Healthcare

is getting some unwanted attention. 93% of healthcare organizations have experienced data breaches. This is likely due to healthcare systems containing sensitive information that adversaries want.

“Healthcare has the highest number of attacks by ransomware over any other industry” (source: PurpleSec)

Higher Education

needs to hit the books. Despite being an industry conducive to learning, educational institutes are far behind when it comes to security. In fact, adversaries refer to it as a “playground” for them to test their wares and hone their skills.

“41% of higher education cybersecurity incidents and breaches were caused by social engineering attacks” (source: PurpleSec)

Finance and Insurance

are the top industries spending the most money to fight cyber crime, says a recent report from Deloitte. So much so that many insurance companies are now offering cyber insurance to companies that require it due to regulation or compliance requirements.

“67% of financial institutions reported an increase in cyber attacks over the past year” (source: PurpleSec)

Government

is forever under attack for obvious and not so obvious reasons. Political reasons, humanitarian reasons, activists, and attacks from other countries are commonplace. Government is generally slow to react and implement change or protective measures, making them a prime target.

For a comprehensive list of attacks, visit csis.org.

Transport and Logistics

are high on the list of targets for adversaries. Disrupting transport and supply chains can be a lucrative business for them. Ransomware and malware attacks are among the top two methods adversaries use to wreak financial havoc on companies and create panic among consumers.

“The US Department is offering up to $10 million for information leading to the identification or location of the leaders behind a recent ransomware attack by the DarkSide which was a ransomware attack” (source: duo.com)

Telecommunication

may include satellite companies, internet providers and telephone companies. The amount of data and infrastructure being handled by this industry makes these organizations a favourable target for adversaries.

“Telecommunications made a significant jump from sixth place in Q4 2020 to become the number-one DDoS target in Q1 2021” (source: Daily Swig)

Types of Penetration Tests

Internal Penetration Testing

Internal penetration testing, also known as insider threat simulation testing, is conducted to identify and remediate vulnerabilities discovered in the internal network infrastructure. This testing not only simulates the actions of a dismissed or disgruntled employee but also takes the perspective of adversaries who’ve found an internal foothold, mimicking the techniques they might use to exploit vulnerabilities from within the network. It is highly recommended that an internal penetration test is conducted at least once a year or following any major change to the infrastructure. Conducting an internal penetration test is also required by various standards, such as PCI-DSS, ISO27001, and SOC 2.

External Penetration Testing

External penetration tests help to find and remediate vulnerabilities discovered within publicly accessible network infrastructures. The penetration test is performed by utilizing the latest techniques and exploits available, mimicking an adversary’s approach. As the external network is the most targeted segment by adversaries, it is highly recommended that an external network penetration test is conducted at least once a year or following any major changes to the publicly accessible infrastructure. External penetration tests can be performed to adhere to required security compliance standards, such as PCI-DSS, ISO27001, and SOC 2.

Cloud Penetration Testing

Cloud penetration tests are assessments that identify vulnerabilities within cloud infrastructures such as AWS, Azure, Google Cloud, etc. While most cloud service providers have standard security measures in place, each organization is responsible for its own security. Due to the numerous options and flexibility available through cloud service providers, and the complex systems that utilize them, new security flaws and/or vulnerabilities are likely to be discovered. Cloud security assessments ensure that your systems, as well as any cloud-hosted assets, are as secure as possible.

Web Application Penetration Testing

Web application penetration tests are conducted to help identify and address vulnerabilities in web applications that could be exploited by adversaries. Web applications are very common and often complex, making them vulnerable to exploitation due to improper coding or configuration. These applications contain valuable, sensitive information that is vital to a company’s operations. Therefore, web application penetration tests are essential to ensure the security and stability of the application.

Features

eLearning Campaign Strategy Session

Pre-launch meeting with the client to define scope and determine goals for the training.

eLearning Campaign Results Review Session

Post-campaign sessions to discuss the results of the training: measure effectiveness, address learner shortcomings, and make suggestions for the next training campaign.

Advanced Reporting

Keep track of your company’s return on investment by utilizing our powerful reports that provide important information on user activity, progress, test results and more. Training access is provided through our cloud-based learning management system portal.

No Charge Updates

Cybercriminals never rest, and neither do we. As new discoveries are made that pose a risk to our customers, new content is created and delivered at no extra cost.

Unlimited Use

Courses and lessons are made available 24/7/365 through our cloud-based learning portal.

Group and User Focused Content

One size does NOT fit all. Our lesson content can be matched to a specific user or group, enhancing the user experience.

Interactivities, Scenarios, Adventures, Gamification and Badges.

Intuitive activities and challenging games are made available as standard features. Earn badges upon successfully completing a lesson and navigate your way through multiple situational scenarios that assess user knowledge.

Alerts & Announcements – Security Tip of the Day

Important alerts and announcements such as new lessons, updates, and upcoming events can be issued to the end user through our learning portal.

Company Document Repository

Store important documents, such as company security policies and guidelines, directly in the portal. These documents are easily accessible to the end user for reference and proof of acknowledgment while taking the lessons.

Support

Email support provided within 24 hours of a reported issue.

Quizzes and Tests

Throughout the lessons, learners will come across quizzes designed to assess their understanding of the topics. These quizzes do not contribute to the final grade but offer valuable feedback on the learner’s progress. At the conclusion of each lesson, brief multiple-choice questions are presented. The responses to these questions directly influence the final lesson grade.

SCORM Compliant

All course and lesson content is exportable to meet SCORM compliance standards.