PBM speaks with Anthony Green, CTO of FoxTech, who explains how to utilise ‘ethical hacking and penetration testing’ to boost the cybersecurity of your business.
Businesses are taking cybersecurity more seriously than ever. In 2021, executives ramped up their cybersecurity spending in response to the explosion of cyber-attacks exploiting lockdown remote working. Despite this, the frequency and severity of security breaches has only increased, with small to medium businesses in the UK subject to an astonishing average of 10,000 attempted cyber-attacks a day.
Successful attacks breach sensitive data, and recovery can result in severe financial losses, sometimes millions of pounds, for affected businesses. So, what is going wrong?
Cybersecurity experts agree that one of the biggest issues is that businesses are not spending their security budgets in the right places. For example, working to prevent cyber-attacks and helping companies who have experienced a security breach, Anthony Green, CTO of cybersecurity consultants FoxTech, said: “What we are seeing is that usually, IT strategies fail when businesses don’t actually know what their weaknesses are — or indeed don’t realise they have any at all.
“Many companies believe their networks are secure because they have outsourced their IT or installed an anti-virus package. Unfortunately, this is like going on holiday and locking your front door, but leaving all your windows wide open — traditional security methods are not comprehensive, and hackers can easily find and exploit your remaining vulnerabilities.”
“Subjecting your IT infrastructure to ethical hacking by someone who isn’t going to steal your data is one of the best things you can do to prevent a real hacker gaining access.”
This is where ethical hacking, also known as penetration testing, comes in. Ethical hacking is when an accredited cybersecurity consultancy carries out a simulated cyber-attack against your computer system. Penetration testers can identify exploitable flaws in bespoke software, carry out scenario testing to discover how incidents — such as a compromised DMZ host — impact on your security, and test your businesses’ response capabilities to attack or temporary vulnerability.
Anthony continued: “It’s impossible to take the right cybersecurity actions without knowing what your problems are. This is why penetration testing really is crucial. Subjecting your IT infrastructure to ethical hacking by someone who isn’t going to steal your data is one of the best things you can do to prevent a real hacker gaining access.
“Initially, companies can find it hard to believe that hacking could ever be ethical, let alone good for their business — but it is the best way to find out exactly how vulnerable your business is to an attack.”
Once penetration testing has shown you where your weak spots are, and what methods hackers could use to exploit them, the next step is to fix, secure and block these paths to access. Most companies’ current IT protection plans focus only on the last step — blocking access — without necessarily knowing exactly where that access is.
However, any kind of vulnerability assessment like penetration testing provides an exciting opportunity to find out if your business and your data is properly protected from attack. As such, it should be seen as an essential aspect of any good cybersecurity strategy.
FoxTech is an independent, specialised cyber security company operating in the UK. With expertise spanning decades across a variety of sectors, the team provides “information security advice, assurance and solutions to businesses enabling them to make informed decisions about securing their systems from cyber attacks”.
A version of this article appeared in the March edition of PBM. Click the link to read the full digital issue.