Monday, 24 June 2013

Penetration testers


It’s a regular occurrence. Someone or something connected to the net is under attack.

Luckily, firewalls, spam filters and other standard defences stop most of those attacks. But when you become the target, your defences won’t be enough. Hackers have become more and more discreet; even an e-mail from your colleagues can open the door to your computer and data.

How do we defend ourselves and our companies from such attacks?

Penetration testers and ethical hackers attempt to get past the company’s defences, then find a way to repair the weaknesses and install a better defence.

"They pay us to replicate the same kinds of attacks used by the bad guys, the cyber criminals," said John Yeo, European head of Trustwave's SpiderLabs pen test team.

Ethical hackers are increasingly in demand as the number of cyber-attacks increases.

"They are not 15-year-olds doing it from their bedrooms," said Mathias Elvang, head of security company Sentor. We need people like Mathias or John who use their skills and knowledge to secure your privacy.

Naturally, banks and other financial institutions are primary targets. "The closer you are to cash, the closer you'll be to getting attacked. The importance lies not in what you are doing but in quantifying the risks you face," said Christian Angerbjorn, a former in-house pen tester at one of the UK's High Street banks and now security head at IF Insurance.

Companies pay a lot to secure their servers and data, as it is a small price to pay compared with the damage an attack could cause.

Mr Yeo stated that a lot of people are easily hacked, and that it makes them realise the potential danger and how much a simple e-mail can do. He added that being caught out via a penetration test can be a powerful learning experience.

"The most important thing is what risks you expose and what damage could that do," said Mr Angerbjorn. He added that the majority of pen tests succeed and, even worse, are never detected.

In a recent interview by the BBC, Michele Orru demonstrates 'social engineering' hacking attacks through emails.

Read the full article by the BBC here.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.