Article from our CEO, Fiona Whyte

Why would you approach a cybersecurity specialist? Maybe it’s because you’ve been attacked and you now understand the devastating effect of that, not only in terms of cost and disruption but also reputational damage.

But what if you haven’t had a solid indication that you have an issue in your defences? A lot of companies feel secure in the knowledge that they have some defences in place, and feel that having invested in something equates to “I have protection, therefore I am protected”. This commonly relates to anti-virus and firewalls. In these scenarios they rarely question or test what their investment is actually giving them.

People within an organisation who have responsibility for security will want to measure how successful they are at their job, and will therefore want to be able to demonstrate how robust their security is to customers, suppliers, colleagues and stakeholders.

Despite having teams of cybersecurity specialists within a company, who is actually on the hook in terms of overall responsibility? The answer has to be the C-suite. If you are in charge of running a company, cybersecurity must surely be one of the most critical elements of that responsibility, as enduring a ransomware attack that takes down your whole company will supersede any other business issue.

If you are curious to know, or need to demonstrate, how good your cybersecurity actually is, the best way to do that is with a pen test. A pen test gives you real data. It’s not subjective or scaremongering or influenced by the latest trends; it’s facts, and it enables you to make informed decisions about how to protect your organisation.

Every organisation could say that they have a problem, because threats are constantly evolving and therefore there is never a perfect level of protection, so you always have a problem. The question is more how much of a problem you have.

And the biggest problem of all is denial.

Endida