We get asked all the time: what’s the point? Am I really exposed to risk here? How important is penetration testing? The bank would cover any money I lost anyway, right? Well, before I get started, I’d like to share a quick story of a financial adviser based in Melbourne.
They, like many people, thought their money was protected, and earlier this year had 300k+ fraudulently removed from their accounts. They didn’t have cyber insurance, but the banks did refund the money approximately 3 months later. On the downside, they were not able to meet payroll, lease payments or tax liabilities, which ultimately sent them bankrupt.
Now, the exploit used was a very simple keylogger that could easily have been prevented with some basic protection. The IT company appeared to be doing a great job, as the computers ran well, with great uptimes and response times, but they didn’t have their eye on the ball with security. Antivirus and a firewall simply don’t cut it these days. Companies need intrusion protection, vulnerability scanning and, most importantly, regular third-party penetration testing.
A useful tip we give to our clients is to ask your IT company this: can you give me a report today on our vulnerability scans? If they hesitate or advise they can get it to you next week, then they are not doing any. It takes 30 seconds to run a report when scans are being run daily. At this point you should be alarmed and getting third-party penetration testing completed pronto.
Don’t be low-hanging fruit or an easy target. Security isn’t rocket science – it’s simply risk mitigation by not being vulnerable to simple exploits.
As always, folks, keep on top of your security, and have a fantastic Christmas and New Year from the team @ Ctrl IT.