The Importance of Cybersecurity & Penetration Testing For the SMB


Introduction


The world today is far different than it was one month ago. For example, here in the United States, the stock market was at all-time highs, and unemployment was at its lowest point, right around 3.5%. We had the longest economic boom period, lasting about 11 years. But with the advent of the Coronavirus, that all came to a sudden halt, and now the reverse is happening, to another extreme.


Apart from the tragic toll it is taking on human lives, it has also made a tremendous impact upon the world of Cybersecurity.  For example:


  • The number of Phishing attacks has greatly increased.  Victims are not simply being sent to spoofed banking or other financial institution websites; they are now being lured to spoofed Center for Disease Control (CDC) and World Healthcare Organization (WHO) websites.

  • Since just about every worker is now working remotely, all meetings, calls, etc. are taking place via Zoom.  Given this rise in demand, these meetings are now becoming a target for the Cyberattacker.

  • Many domains are now being registered in order to launch spoofed and illegitimate websites.

  • The remote worker is now also becoming a prime target for the Cyberattacker.  The primary reason for this is that many businesses were in a rush to get their workers, and as a result, many of the laptops and other wireless devices do not have the proper security mechanisms installed onto them.

To demonstrate this, here are some illustrations of how the Coronavirus impacted the Cybersecurity of Italy, one of the first countries to be hit hard by it:

(SOURCE:  1).

The above diagram represents the sudden spike in Phishing activity in just about the last month.

(SOURCE: 1).

The above illustration represents the sheer increase in fake login attempts into various types of websites and other critical resources.



(SOURCE:  1).

The illustration above shows the increased number of Cyberattacks that are taking place on the computers and wireless devices of remote workers.


But whatever the form of the threat variant is, the bottom line is that most of these Cyberattacks are Phishing based, redirecting victims to malicious websites and other types of web-based applications.  This drives home the point that websites need to be made much more secure.


One of the best ways to protect your business's website (and even your business) in these trying times is to make use of what is known as Penetration Testing.


What Is Penetration Testing?


In more technical terms, Penetration Testing (aka Pen Testing) can be defined as follows:


“[It] is a simulated cyber-attack where professional, ethical hackers break into corporate networks to find weaknesses... [in] your network, application, device, and/or physical security through the eyes of both a malicious actor and an experienced cybersecurity expert to discover weaknesses and identify areas where your security posture needs improvement.


This testing doesn’t stop at simply discovering ways in which a criminal might gain unauthorized access to sensitive data or even take over your systems for malicious purposes. It also simulates a real-world attack to determine how any defenses will fare and the possible magnitude of a breach.” (SOURCES:  2 and 3).


One of the keywords to take serious note of here is “ethical”. Yes, Pen Testers do have a mind like that of the Cyberattacker (or they could have been one themselves in a previous life, but decided to turn over to the good side), but what they engage in is for the good of the client. In other words, they will never step beyond the boundaries or the limits of what the customer wants. If a Tester feels that they need to, then by the letter of the law, they have to ask the customer for permission first and notify them in writing of what more they are planning to do.