Penetration testing has a major impact on the security of the systems and infrastructure of any enterprise. An ethical hacker will help prevent damage that can reach tens of millions of crowns. Yet the cost of pentesting represents barely one and a half percent of annual investments in IT technology and cybersecurity.
The trend towards digitalization of business operations and processes tends to underestimate the new technological risks we are exposed to.
“In a larger manufacturing company, an economic loss of over fifty million crowns can occur in a single day,” warns David Pícha, Cybersecurity Manager at Integra Czech Republic. “I have encountered companies that have invested heavily in cybersecurity, but unfortunately they have done so incorrectly. From the management’s point of view, it looks like their security is at a high level, but the opposite was true. Security needs to be invested in judiciously and strategically to eliminate any vulnerabilities.”
To give you an example, a company with a turnover of around CZK 2.5 billion invests around CZK 10 million in purchasing IT technology and services and another CZK 3.5 million in cyber security. It often does not invest in penetration tests at all, although the cost would be around 200,000, or 1.48% of the total investment in IT technology and services. Penetration testing costs from fifty to more than three hundred thousand crowns – depending on the size of the company’s IT infrastructure and therefore the time required by the ethical hacker himself.
Penetration testing, also called ethical hacking, is a form of IT security assessment that tests a computer system, network or software application to identify security vulnerabilities that an attacker could exploit.
Six reasons why a company should conduct a penetration test:
1. The result will show the strength of current security
The pentest shows the cyber attack vectors that could affect a company’s IT assets, data, people or physical security – revealing how resilient your IT security is to hacker attacks.
2. Preventing a cyber attack
A company should know how important it is to keep its IT infrastructure running smoothly – how much it would cost to have an hourly, daily or weekly outage. If it doesn’t know the answers to these questions, it should hire an expert to analyze the current state of cybersecurity. The result of the analysis will provide not only a list of priority goals to achieve to secure the business, but also the potential financial losses caused by an outage.
3. Testing new technologies
New products or technologies are one of the main targets of penetration testing. Implementations into businesses are usually carried out by partner companies that focus on timely and successful implementation. The second case is for example when a company is purchased and their IT is migrated, here a lot of unknowns open up that need to be tested.
4. Security team test
After penetration testing, you’ll discover how quickly, if at all, your security team detects such activity and how they behave. This can be particularly useful to develop a plan to respond to emergencies such as hacking attacks.
5. Reputation
If you are the custodian of any sensitive external company or customer data, penetration testing will help prevent information leakage and subsequent damage to your company’s reputation. Loss of trust often leads to a drop in revenue and profits.
6. Regulation and compliance
Companies such as credit institutions and payment service providers are required to conduct penetration testing. Violation of such an obligation can result in fines, criminal liability, or even loss of authority to do business.
