Penetration testing or ‘pen testing’ is the most effective way of demonstrating that exploitable vulnerabilities within your company’s internet-facing resources have been identified, allowing suitable patches to be applied.
The aim is to identify browser exploits, unpatched software, unsecure coding practices and weak encryption algorithms. A penetration test must be conducted by a certified ethical penetration tester, who will use their expertise to identify specific weaknesses within an organisation’s security arrangements. This involves simulating a malicious attack on an organisation’s information security arrangements, often using a combination of methods and tools.
Threats are constantly evolving and changing.
It’s not a question of if you will be attacked, but when.
Even if you are a relatively unknown organisation of little apparent interest to an attacker, criminals’ automated scans will find your presence online.
- More and more applications are directing traffic by default through http to bypass firewall rules.
- Malware can be downloaded automatically.
- Websites can be infected by code injection, cross-site scripting and other similar black-hat hacking techniques.
- Your website traffic can be hijacked.
- Blacklisting by major search engines can cause you to lose business.
It is easy for new vulnerabilities to be identified and exploited by criminal hackers. In many cases, you won’t even know that your defences have been successfully breached until it’s too late.
Which test best suits my organisation?
Here at ilicomm Technology, we present the vulnerabilities and risks to the organisation once the test has been conducted, along with recommendations for remedial action, which are displayed as facts in an easily understandable report.
Our bespoke penetration tests deliver cost-effective and practical solutions that will help you meet your legal, regulatory and contractual requirements.
Still not convinced?
The volume of data breaches and cyber attacks that marked 2015 could be appropriately described as a ‘cascade’ or ‘torrent’, or perhaps ‘maelstrom’.
There have been breaches of highly sensitive data (including that of children), targeted attacks on government agencies such as the US’s OPM and Germany’s Bundestag, and an alarming number of well-orchestrated DDoS attacks.
Money has been stolen, data has been swiped and lives have been ruined.
However, I must not fail to mention the fantastic work law enforcement agencies around the world have been putting in to bring justice down on the cyber criminals causing havoc this year. As Stuart Winter-Tear recently called it, 2015 has been the year of collaboration, and we can only hope to see the same in 2016.
By our calculations, which is counting up all of the available numbers on the stories that we have reported each month, we are at 487,731,758 leaked records in 2015. It’s very likely that the final number is significantly higher, but we know that there’s been at least 487,731,758.
Below we have listed the most significant events of each month; to view the full list for each month, please click that month’s heading.
Note: The total number alongside each month is not the definitive number, please take it as the minimum number of records leaked in each month – not the total.
JANUARY – 2,057,199
Aussie Travel Cover data breach – thousands of policyholders not informed that records were stolen
Unpatched vulnerability leaves millions of Moonpig customers at risk for 17 months
19,000 French websites suffer cyber attack in ‘unprecedented surge’
Wingstop announces payment card data security incident
Park ‘N Fly confirms data breach affecting customer’s payment cards
Chick-fil-A investigates payment card data breach
Thieves target American and United airlines, dozens of free trips booked
Minecraft data breach – usernames and passwords leaked online
Wisconsin chiropractic clinic notifies 3,000 patients of insider breach
Malware infects payment card system at French Lick Resort
FEBRUARY – 102,223,313
Credit card information stolen in Big Fish Games site compromise
Banks link credit card fraud to Marriott hotels
Yet another online parking hack: Book2Park loses card data in data breach
18.8 million non-customers could be affected by Anthem breach
Russian dating site Topface pays ransom to stop 20 million hacked records being made public
MARCH – 11,342,576
Bulk Reef Supply website compromised, credit cards at risk
Malware installed at California burger joint, payment cards at risk
Hilton HHonors Awards accounts exposed by security flaw
New health care data breaches: another 11 million customer records exposed
Amazon’s Twitch game-streaming service hacked
Jamie Oliver’s website found spreading malware… again
APRIL – 2,306,312
“Dyre Wolf” online banking campaign bypasses two-factor authentication – $1 million stolen
Belgium’s biggest French-speaking newspaper goes offline after cyber attack
Data compromised in Linux Australia server breach
Costa Coffee Club members wake up and smell the data breach
Russian hackers accessed President Obama’s emails
Hyatt Gold Passport breached – user passwords reset
160,000 students compromised in Metropolitan State University data breach
370,000 Social Security numbers exposed in Auburn University data breach
MAY – 1,512,825
Bundestag cyber attack confirmed
How the Washington Post was hijacked by the Syrian Electronic Army (again)
Cyber criminals steal $3.8 million from Alaska Native corporation
Anonymous hackers steal terabyte of passwords from Italy’s Expo 2015
Jamie Oliver serves up a third helping of malware
Adult FriendFinder website breached; compromising data leaked online
Harbortouch POS malware attack – customer card data stolen
Hard Rock Hotel loses customer card data over seven months
JUNE – 22,446,450
Microsoft’s anti-surveillance site hacked
Aussie Internet provider Westnet breached – over 30,000 customers affected
FBI looks at Cardinals in Astros’ data breach
Second data breach at OPM confirmed
Millions of US government workers hit by data breach
Polish airline forced to ground planes after “IT attack”
JULY – 64,713,144
Hacking Team hacked – cyber surveillance company tells customers to stop using its software
Nursery webcam accessed by stranger to speak to parent and child
Coordinated cyber attack hits four New Jersey gambling sites
Digital media streaming service Plex hacked, forum held for ransom
Canadian Security Intelligence Service website taken offline
Detroit Zoo, eight others across the county experience POS breach
CVS and Walmart Canada Are Investigating a Data Breach
Donald Trump hotel chain hit with credit card data breach
AUGUST – 2,841,114
Ashley Madison 9.7GB data dump posted online
Carphone Warehouse hack: 2.4 million customers affected
Mumsnet founder ‘swatted’, site attacked – users urged to change passwords
Users of dating site Plenty of Fish targeted by cyber attack
Russia launches “sophisticated cyberattack” on Pentagon computers
UVA shuts down servers after cyber attack
GitHub Again Hit by a new DDoS attack
New York magazine confirms outage was result of cyber attack
SEPTEMBER – 17,085,880
London’s 56 Dean Street clinic leaks HIV status of 780 patients
800,000 fans of the Kardashians left exposed after privacy blunder
Malware sneaks into the iOS App Store. What you need to know about XcodeGhost
NCA website falls foul of Lizard Squad DDoS attack
Imgur suffers DDoS attack on 4chan and 8chan servers
Banks: Card Breach at Hilton Hotel Properties
Thousands of Lloyds Premier Bank customers have had their data “stolen” in security breach
OCTOBER – 39,754,915
Police force blames hacker after #CyberAware tweet sent out containing bogus security advice
CIA boss has his personal email account hacked… and yes, it’s on AOL
Hacked Shopping Mall CCTV Cameras Are Launching DDoS Attacks
Payment card breach at The Commons Hotel in Minnesota
EyeBuyDirect announces website breach, payment cards affected
Payment card breach at Peppermill Resort Spa Casino in Reno
NOVEMBER – 11,415,000
Eclipse staggers to feet, gets smacked by second DDoS
Norwich International Airport website hacked
ProtonMail hit by mystery DDoS attack, preventing customers from accessing their secure email
JPMorgan Hackers Breached Anti-Fraud Vendor G2 Web Services
Extortionists target CCN in a DDoS attack; 5 bitcoins bounty
U.S. Government Officials Targeted by Iranian Hackers
UK pummelled with DDoS after ISIS cyber attack warning
VTech hacked: nearly 5 million parents’ and 200,000 children’s details exposed
Breach at Securus Technologies exposes 70 million prison phone calls
Hilton Hotels admits hackers planted malware and stole customer card details
Payment card data breach affects 54 Starwood Hotels
DECEMBER – 210,033,030
JD Wetherspoon data breach 300% bigger than TalkTalk incident
Elephant Bar data breach includes 8 Bay Area sites since August
FBI: MaineGeneral Health Victim of Data Breach
13 Million MacKeeper Users Exposed
Database of 191 Million U.S. Voter Records Left Exposed Online
Threats are happening all of the time, do not wait until its too late. Get your network checked as soon as possible.