Businesses are taking cybersecurity more seriously than ever. In 2021, executives ramped up their cybersecurity spending in response to the explosion of cyber-attacks exploiting lockdown remote working. Despite this, the frequency and severity of security breaches has only increased, with small to medium businesses in the UK subject to an astonishing average of 10,000 attempted cyber-attacks a day. Successful attacks breach sensitive data, and recovery can result in severe financial losses, sometimes millions of pounds, for affected businesses. So, what is going wrong?

Cybersecurity experts agree that one of the biggest issues is that businesses are not spending their security budgets in the right places. Anthony Green, CTO of cybersecurity consultants FoxTech, works to prevent cyber-attacks, and helps companies who have experienced a security breach:

“What we are seeing is that usually, IT strategies fail when businesses don’t actually know what their weaknesses are – or indeed don’t realise they have any at all. Many companies believe their networks are secure because they have outsourced their IT or installed an anti-virus package. Unfortunately, this is like going on holiday and locking your front door, but leaving all your windows wide open – traditional security methods are not comprehensive, and hackers can easily find and exploit your remaining vulnerabilities.”

This is where ethical hacking, also known as penetration testing, comes in. Ethical hacking is when an accredited cybersecurity consultancy carries out a simulated cyber-attack against your computer system. Penetration testers can identify exploitable flaws in bespoke software, carry out scenario testing to discover how incidents, such as a compromised DMZ host, impact on your security, and test your businesses’ response capabilities to attack or temporary vulnerability.

Anthony comments:

“It’s impossible to take the right cybersecurity actions without knowing what your problems are. This is why penetration testing really is crucial. Subjecting your IT infrastructure to ethical hacking by someone who isn’t going to steal your data is one of the best things you can do to prevent a real hacker gaining access. Initially, companies can find it hard to believe that hacking could ever be ethical, let alone good for their business – but it is the best way to find out exactly how vulnerable your business is to an attack.”

Once penetration testing has shown you where your weak spots are, and what methods hackers could use to exploit them, the next step is to fix, secure and block these paths to access. Most companies’ current IT protection plans focus only on the last step – blocking access – without necessarily knowing exactly where that access is. Any kind of vulnerability assessment like penetration testing provides an exciting opportunity to find out if your business and your data is properly protected from attack, and should be seen as an essential aspect of any good cybersecurity strategy.