New York, NY, May 04, 2012 --(PR.com)-- The numbers revealed in Symantec’s newest Internet Security Threat Report tell a story that should make every organization relying on Electronically Stored Information (ESI), in any form, turn a fresh spotlight on securing their cyber assets. With 403 million new variants of malware out there in 2011, compared to 286 million in 2010, and new threat vectors opening up due to the skyrocketing proliferation of social networking and mobile devices, it has never been more important for an organization’s survival to take proactive steps to fortify not only the security of their (and their clients’) actual data, but also the procedures and policies that will be relied on should the unthinkable happen. Penetration testing by Global Digital Forensics can significantly improve the odds against becoming a victim and substantially mitigate damages in the aftermath of any successful attack.
What is penetration testing?
Think of it like an old Hollywood western. The guys with the black hats (black hat hackers) are the bad guys bent on taking whatever they want, from whomever they want, legality and morality be damned. They’ll use every dirty trick in the book, they’ll exploit whatever person or means they can to further their agenda and they’ll leave a once prosperous town in shambles without a bit of guilt or remorse as they ride on to the next one. Enter the good guys in the white hats. Their job is to stop the black hats from running roughshod. To do that most effectively in our ever-changing cyber world, the old saying “to catch a thief you have to think like a thief” is brought to life in the form of penetration testing. A white hat will don a black hat and put an organization through “real-world” attacks using the same methods, tools and tactics that would be used by today’s black hats. The big difference is they will be doing it without harming the organization in order to expose vulnerabilities in cyber security and response policies and procedures, offering valuable remediation steps to correct them so the real black hats can be kept at bay.
Joe Caruso, CEO/CTO of Global Digital Forensics, has responded to intrusions for some of the most recognized entities in the world. He weighed in on the report and the critical need for regular penetration testing. “Symantec’s study is another confirmation of the very real and very abundant cyber threats that can potentially affect anyone, from individuals to the largest organizations on the planet. When you think that 1 in every 239 emails is infected with a virus and phishing emails show up on average about 1 out of 300, it’s crazy to think there is such a thing as perfect protection, the human error element will see to that. Add to the mix malicious websites, 1 out of 156 unique URLs according to the study, and our increasing reliance on mobile technologies and cloud computing, and the potential for devastating intrusions and data breaches should be clear as day. But unfortunately, too many organizations still seem to be playing Russian Roulette with 5 chambers loaded.”
So what should a penetration test cover? Caruso explains. “Our penetration tests, or pen tests, are designed to swing the odds back in our clients’ favor. We explore vulnerabilities from a hacker’s perspective. We engage in spoofing, phishing and social engineering to test the human element, we test perimeter safety, we investigate data preservation and control policies, we check measures in place to guard against data exfiltration not only from outsiders, but from current and former employees as well. Our pen tests also look at an array of other areas based on the unique IT setup and data challenges any particular organization faces on a daily basis. It’s our job to stay current on the latest threats and trends and translate that knowledge to our clients to keep them as safe as possible. But in the event something does occur, like an almost unstoppable Zero Day attack, we also hone in on weaknesses in how an organization responds to a cyber crisis and offer 24/7 Emergency Response Teams which will go a long way in determining whether or not the organization can survive the attack. Hackers won’t be forgiving, regulatory compliance agencies won’t be forgiving and most importantly, clients won’t be forgiving. Just like your virus scanner updating multiple times on a daily basis, regular penetration testing is needed to safeguard against the newest modes of attack constantly being devised and disseminated by the black hats.”
With the cyber landscape constantly evolving, the ugly truth is that with every breakthrough adding convenience to our digital lives, new opportunities for the unsavory element out there also spring to life. But you don’t have to take it lying down. Trusting a reputable and recognized group of experts like Global Digital Forensics to help can make all the difference in the sink or swim world of ESI. For more information, call Global Digital Forensics at 1-800-868-8189 for a free consultation, or visit www.globaldigitalforensics.com to learn more.