Why we need BOTH Offensive and Defensive Security
Do we really need to go on the offense in cybersecurity? Aren’t we supposed to defend computers and networks? Excellent question, and I’m so glad you asked. The answer is yes and yes. We need BOTH offensive and defensive security in the cyber world.
You may have heard of anti-virus software, controlling user access, and secure passwords. These are all defensive methodologies to close gaps in a computer network’s security.
But we contend that offensive measures are equally important, and even complementary: hiring an ethical hacker to attempt access to your system can provide highly valuable information and direct your attention to what needs fixing.
What is a Penetration Test?
An organization typically seeks out offensive security by hiring cyber professionals to perform a Penetration Test (PenTest). Your business needs one of these if you want to find out where your vulnerabilities and security gaps exist.
These tests are usually performed by an outside organization contracted to penetrate (or attempt to penetrate) your network.
PenTests can include:
hacking into an organization
attempting to gain access to unauthorized systems (systems that should have secure access only)
phishing campaigns (for example, those emails asking for your bank account information)
social engineering (psychological manipulation of people to gain confidential information)
gaining physical access to gather intelligence
and/or planting digital devices that will allow the offensive attacker to gain remote access to the internal network.
Sounds like a spy movie? Yep, we think so too.
The difference between a PenTest and an outside attacker (a good spy or a bad spy)? Authority. You give explicit written permission to an ethical hacker, who has committed to a code of ethics and sets out to test your network and report vulnerabilities to you.
What is a Vulnerability?
A vulnerability is a gap. A place where it is possible or probable for an attacker to sneak in.
Even the world’s best security pros cannot guarantee a 100% secure network, but finding vulnerabilities and eliminating them is the key to optimizing your security, and to making sure that your business continues to operate. At this point, offensive security and defensive security begin to overlap.
What We Do and Why
We offer a variety of services, including offensive security via Penetration Testing. We find holes in your information security system that need plugged.
This is important not just because we like spy movies (we do), but because we want to keep your business operational. We reduce the potential impact to you and your bottom line when we can find and address security gaps.
We want your business to be secure and we want it to succeed. We believe that’s good for all of us.
Contact us and let us know what you need. We can work with you to find and address your security gaps, and to ensure your business achieves its maximum potential.
For more on Penetration Testing, Information Security, and Cybersecurity, take a look at David and Cliff's episode #1 of Conversations with Cliff.
Katy Munden Penner is a Writer and Content Strategist for StandardUser Cyber Security, and a Social Entrepreneur connecting people with great causes.