Penetration testing or ‘pen testing’ is the most effective way of demonstrating that exploitable vulnerabilities within your company’s internet-facing resources have been identified, allowing suitable patches to be applied.
The aim is to identify browser exploits, unpatched software, insecure coding practices and weak encryption algorithms. A penetration test must be conducted by a certified ethical penetration tester, who will use their expertise to identify specific weaknesses within an organisation’s security arrangements. This involves simulating a malicious attack on an organisation’s information security arrangements, often using a combination of methods and tools.
Threats are constantly evolving and changing.
It’s not a question of if you will be attacked, but when.
Even if you are a relatively unknown organisation of little apparent interest to an attacker, criminals’ automated scans will find your presence online.
- More and more applications are directing traffic by default through HTTP to bypass firewall rules.
- Malware can be downloaded automatically.
- Websites can be infected by code injection, cross-site scripting and other similar black-hat hacking techniques.
- Your website traffic can be hijacked.
- Blacklisting by major search engines can cause you to lose business.
It is easy for new vulnerabilities to be identified and exploited by criminal hackers. In many cases, you won’t even know that your defences have been successfully breached until it’s too late.
Which test best suits my organisation?
Here at ilicomm Technology, we present the vulnerabilities and risks to the organisation once the test has been conducted, along with recommendations for remedial action, which are displayed as facts in an easily understandable report.
Our bespoke penetration tests deliver cost-effective and practical solutions that will help you meet your legal, regulatory and contractual requirements.
Still not convinced?
The volume of data breaches and cyber attacks that marked 2015 could be appropriately described as a ‘cascade’ or ‘torrent’, or perhaps ‘maelstrom’.
There have been breaches of highly sensitive data (including that of children), targeted attacks on government agencies such as the US’s OPM and Germany’s Bundestag, and an alarming number of well-orchestrated DDoS attacks.
Money has been stolen, data has been swiped and lives have been ruined.
However, I must not fail to mention the fantastic work law enforcement agencies around the world have been putting in to bring justice down on the cyber criminals causing havoc this year. As Stuart Winter-Tear recently called it, 2015 has been the year of collaboration, and we can only hope to see the same in 2016.
By our calculations, which count up all of the available numbers on the stories that we have reported each month, we are at 487,731,758 leaked records in 2015. It’s very likely that the final number is significantly higher, but we know that there have been at least 487,731,758.
Below we have listed the known breaches and attacks that have taken place in 2016 alone.
January – 57,740,000
- US health insurer Centene loses 950,000 people’s records
- Asda website leaves customer details vulnerable for 677 days
- Etihad Airways investigating data breach dating back to 2013
- Wendy’s Probes Reports of Credit Card Breach
- Bitcoin Worth $USD 6 Million Stolen
- Hackers have stolen €50 million from an aerospace parts manufacturer

February – 428,000
- Linux Mint hacked – lone attacker creates botnet
- Lincolnshire Council forced to use pen and paper after ransomware attack
- @ChileanCrew Hacks, Leaks Details for 300,000 Chilean Citizens Looking for State Benefits
- 9000+ Department of Homeland Security staff have their details leaked by hacker

March – 20,018,962
- 3,000 Tidewater Community College workers victimized in W-2 scam
- Attacker compromises information of 250K in Bailey’s data breach
- Cyber criminals steal $25 million from Russian banks via phishing attack
- Rosen Hotel chain was hit by credit card-stealing malware for 17 months

April – 166,687,282
- Minecraft community lifeboat suffers data breach affecting seven million members
- CoinWallet Bitcoin Trader Shuts Down Following Data Breach
- 93.4 million Mexicans at risk after voter database breach
- BeautifulPeople.com Leaks Very Private Data of 1.1 Million ‘Elite’ Daters — And It’s All For Sale
- ShapeShift loses $230,000 in bitcoin data breach – ex-employee to blame
- Trump Hotel chain suffers data breach again

May – 117,339,372
- MySpace and Tumblr hit by ‘mega breach’
- 117 million hacked LinkedIn email addresses and passwords put up for sale
- Kiddicare customers at risk after data spills from test server
- EPISD employee accounts hacked, money stolen
- Payroll vendor employee falls for phishing scam, all clients’ W-2 data involved
- 1.4 Billion Yen Stolen From 1,400 Japanese ATMs

June – 289,150,000
- 154 million voter records exposed, revealing gun ownership, Facebook profiles, and more
- 77K accounts of Financial Giant, State Farm, leaked due to DAC Group Hack
- Muslim Match dating website hack exposes more than half a million intimate messages
- 45 million records from over 1100 Verticalscope.com domains and communities hacked and leaked
- 51 Million iMesh Passwords Dumped Online
- Personal info on 7.93 million people feared leaked

July – 34,195,351
- King’s counselling department breaches students’ privacy
- Athens Orthopedic Clinic to begin notifying patients of hack
- WikiLeaks Put Women in Turkey in Danger, for No Reason
- 10 million customer’s data leaked from online shopping site
- ‘Warframe’ Hacked, Details on 775,000 Players Traded
- Illinois online voter registration portal hacked, information compromised

August – 11,875,817
- Omegle, the Popular ‘Chat with Strangers’ Service Leaks Your Dirty Chats and Personal Info
- Data for 6 Million Minecraft Gamers Stolen from Leet.cc Servers
- SCAN Health Plan notifying members of unauthorized access to their information
- Dominican Hospital notifies patients whose PHI was sent to wrong health plan
- Epic’s forums hacked again, with thousands of logins stolen
- Turkish Hackers Launch Second Cyber-Attack on Killeen’s Website
- Defense university computers hacked, ‘information secure’
- Olympics: Hackers attack Russian whistleblower’s doping account

September – 105,400,000
- Florida Bar Association hacked, members’ data leaked
- 6.6 million plaintext passwords exposed as site gets hacked to the bone
- Russian hackers leak Simone Biles and Serena Williams files
- Russian internet giant Rambler.ru hacked, leaking 98 million accounts
- Login details for 800,000 Brazzers users leaked
- MarsJoke ransomware targets the government and K-12 educational sector
- A single ransomware network has pulled in $121 million

October – 142,160,000
- Medical marijuana patients’ personal information found in trash pile
- Security Firm Tries Desperate Solution to Alert Company of Data Leak
- Hacker grabs over 58 million customer records from data storage firm
- Hutchinson Community Foundation falls victim to data breach
- DDoS attack against DNS provider knocks major sites offline
- Whoops: Pro-Donald Trump super PAC publishes donor credit card numbers
- Hackers stole credit card data from Republican website for 6 months

November – 456,403,757
- Department of National Defence investigating possible hack of its recruiting site
- Over 412 million ‘adult’ accounts exposed – including 15 million deleted ones
- Ransomware attack targets Seguin dermatology practice
- Report holds Hitachi responsible for debit card data theft
- Thieves Use Skimmers on ATMs in Four NYC Hospitals
- Madison Square Garden Company Alerts Customers of Payment Card Data Breach
- Data of 34 million Keralites leaked in massive breach

December – to be updated
- 85 million login details stolen from Dailymotion
- Joan Jett’s BlackHeart Records leaks thousands of files online
- KFC warns 1.2 million Colonel’s Club loyalty scheme members of data breach after website hacked
- Japanese hosting company Kagoya hacked; credit card data stolen
- ThyssenKrupp secrets stolen in ‘massive’ cyber attack
- Yahoo’s billion account database for sale on the black market