Testing your network security
Sophisticated cyber-attacks pose a serious threat to organizations today. Many businesses have had their data compromised due to insecure systems and a lack of safeguards. Data breaches can have serious financial and legal implications, as well as lasting reputational damage.
An effective cyber security framework should incorporate preventative, detective and corrective solutions. To test the robustness of their cyber security defenses, organizations should undertake regular:
Vulnerability assessments explore and identify weaknesses in cyber security controls. Identification is the first step in mitigating risk and creating a secure network. They can also help to validate the design of cyber security controls.
Penetration tests form the next step in reviewing the robustness of cyber security defenses. These tests exploit the identified vulnerabilities, with the aim of breaching an organization’s security perimeter – thus testing how effectively security controls are operating.
Approaches to penetration testing
Technology is not infallible and nor are people. An effective penetration test should assess network vulnerabilities from both the cyber standpoint and the human element. It should mirror different types of attack (Black Box, Grey Box, Social Engineering) based on the amount of information an attacker might have or their preferred technology.
| Black box | Grey box | Social engineering |
| --- | --- | --- |
| Black box testing simulates an external attacker who does not know anything about the system. All the information the tester has is an IP address or website. This mimics an attack from a group like Anonymous. | Grey box testing simulates an attack from someone with partial knowledge of a system, such as an employee. The client will give the tester limited information about the target system. | This is where the tester attempts to gain information from company insiders through psychological manipulation. It plays on human responses to trick people into giving network access, information or passwords. |
How we can help
At Grant Thornton, our cyber security experts can develop a bespoke offensive security plan to meet your business needs and unique IT environment. We can undertake the full suite of testing or conduct individual assessments, as required. Our experts can test for vulnerabilities around particular areas of concern or help identify unforeseen issues across the network.
