One of our team members recently shared this Winston Churchill quote, taken from a 1939 interview, around the office. Interestingly, it reminded us of penetration testing (or pen testing for short) and why it's so important. You might be wondering how in the world criticism and pen testing could be related. Allow us to explain.
Pen testing uses proven methods to simulate a real cyber attack on your network, to evaluate the strength of your IT security and identify any weaknesses. Pen testing's strength is that it's realistic. It keeps you a step ahead of cyber criminals by leveraging outside expertise and showing you the extent to which your systems could be exploited. After completion, you are given a concise report to help you make informed decisions about how to improve your IT infrastructure.
As Winston Churchill clearly realised, it's not always easy to hear criticism. Many organisations and businesses think that once they've established a cyber security programme, it should just run automatically in the background and be sufficient to stop any threats. The idea of pen testing to deliberately identify any shortcomings is uncomfortable. After all, who wants to be told that they aren't sufficiently protecting their data or network?
One sector that is incredibly vulnerable to cyber attack is local government or councils. Many assume that because they are small, they aren't a valuable target for cyber crime. In fact, the opposite of this is true. Smaller councils are 'in the crosshairs' because cyber criminals assume they are unprepared!
According to 2017 research by Malwarebytes, 76% of local councils had experienced a cyber attack (malware, a virus or trojan), and 50% were victims of ransomware in the previous 12 months! Additionally, most of the 38 councils consulted in the study said that their existing legacy systems were inadequate to deal with modern cyber threats.
At SysGroup, we have experience working with organisations like the Mole Valley District Council and the North Wales Police to modernise and update their legacy IT systems. These are examples of local government taking a proactive stance to build resilience into their network.