How Pen Testing Can Improve Your Council's Cyber Security

“Criticism may not be agreeable, but it is necessary. It fulfils the same function as pain in the human body; it calls attention to the development of an unhealthy state of things."

One of our team members recently shared this Winston Churchill quote, taken from a 1939 interview, around the office. Interestingly, it reminded us of penetration testing (or pen testing for short) and why it's so important. You might be wondering how in the world criticism and pen testing could be related. Allow us to explain.

Pen testing uses proven methods to simulate a real cyber attack on your network, to evaluate the strength of your IT security and identify any weaknesses. Pen testing's strength is that it's realistic. It keeps you a step ahead of cyber criminals by leveraging outside expertise and showing you the extent to which your systems could be exploited. After completion, you are given a concise report to help you make informed decisions about how to improve your IT infrastructure.

As Winston Churchill clearly realised, it's not always easy to hear criticism. Many organisations and businesses think that once they've established a cyber security programme, it should just run automatically in the background and be sufficient to stop any threats. The idea of pen testing to deliberately identify any shortcomings is uncomfortable. After all, who wants to be told that they aren't sufficiently protecting their data or network?

One sector that is incredibly vulnerable to cyber attack is local government or councils. Many assume that because they are small, they aren't a valuable target for cyber crime. In fact, the opposite of this is true. Smaller councils are 'in the crosshairs' because cyber criminals assume they are unprepared!

According to 2017 research by Malwarebytes, 76% of local councils had experienced a cyber attack (malware, a virus or trojan), and 50% were victims of ransomware in the previous 12 months! Additionally, most of the 38 councils consulted in the study said that their existing legacy systems were inadequate to deal with modern cyber threats.

At SysGroup, we have experience working with organisations like the Mole Valley District Council and the North Wales Police to modernise and update their legacy IT systems. These are examples of local government taking a proactive stance to build resilience into their network.

Here are a few reasons why local government should consider pen testing:

• Long-term savings - The impact of a data breach or cyber attack would be devastating on most local councils, threatening vital services and adding undue pressure to budgets. Pen testing is an investment that truly pays off.
• Access to expertise - Pen testing enlists the help of third-party cyber security experts to assess your network and help you understand its strengths and weaknesses better. This allows you to focus your time and efforts on community initiatives and innovation, while the 'ethical hackers' on our team get to work on your behalf.
• Data Protection - Local governments control sensitive data, and in order to comply with important legislation and maintain the trust of your residents, your IT infrastructure must be secure. After a pen test has been completed you'll receive the concise report to help you to improve, modernise and strengthen your network.

Are you interested in hearing more about the types of pen testing we offer at SysGroup?

Read our blog post explaining 'black box' and 'white box', 'full' and 'lite' and everything you need to know!

Have some questions? Get in touch with our team today.