Q&A: What’s Cybersecurity Testing and How Can It Help Your Business?

Cybersecurity expert Greg Hatcher, a former U.S. Army Special Forces senior network engineer, shares insights that industry companies can use to better bulwark their businesses at a time when cyberattacks are increasing.

Cyberattacks are on the rise, and small- and medium-sized businesses (SMBs) are among those in the crosshairs.

A study from cyberthreat intelligence outfit Check Point Research, for instance, found that cyberattacks increased 38% globally in 2022. The increase was driven, along with other factors, by a rising number of smaller, more agile criminal groups targeting business collaboration tools, such as Slack and Teams, that are often used to enable remote work.

The escalation in cyberattacks was even more pronounced in North America, where they jumped by 52% year over year, the research found. In the U.S. in particular, attacks accelerated by 57%.

Meanwhile, another study from information technology services firm Accenture revealed that 43% of cyberattacks target SMBs. And yet, only 14% of SMBs are prepared for an attack, the study said. The promotional products industry has not been immune. In recent years, suppliers and distributors large and small have been targeted – and, in some cases, victimized – by hackers.

Still, promo firms and other companies are not defenseless. One thing that can help strengthen a business against a digital breach is quality cybersecurity testing, says Greg Hatcher. He would know. Hatcher is a cybersecurity expert who cut his IT teeth, so to speak, while serving as an enlisted senior network engineer in the U.S. Army Special Forces.

The founder of cybersecurity consultancy White Knight Labs, Hatcher has taught at the National Security Agency and led red teams while contracting for the federal Cybersecurity and Infrastructure Security Agency. Here, he discusses cybersecurity testing and how it can help protect your business.

Q: What is cybersecurity testing?
A: It’s the process of identifying and assessing the vulnerabilities and weaknesses in an organization’s computer systems, networks and applications. It involves simulating attacks or security breaches to evaluate the effectiveness of the organization’s security controls and measures.

Q: What are the top cyberthreats facing businesses today?
A: They include ransomware, phishing and supply chain attacks, insider threats and distributed denial-of-service (DDoS) attacks. They can result in data breaches, financial losses, reputational damage and other serious consequences.

Q: How does cybersecurity testing help protect businesses against those threats?
A: By conducting regular testing, organizations can identify and remediate potential security gaps before they can be exploited by cyberattackers. Cybersecurity testing can also help organizations evaluate the effectiveness of their security controls and measures, and make improvements where necessary.

Q: What types of cybersecurity testing are there?
A: There are several types, including vulnerability assessments, penetration testing, web application testing and social engineering testing. Each type of testing is designed to evaluate different aspects of an organization’s security posture.

• Penetration Test – An authorized simulated cyberattack on a computer system, performed to evaluate the system’s security strength.
• Vulnerability Assessment – A systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if necessary.
• Social Engineering Penetration Testing – Evaluates employees’ adherence – or lack thereof – to a company’s IT security policies and practices. This testing should indicate to management how easily an intruder could convince employees to break security rules or provide access to sensitive information.
• Web Application Testing – Simulates a hack to critically assess security vulnerabilities, weaknesses and technical misconfigurations that an attacker would target in web apps/application programming interfaces. Ultimately, the testing helps enable the removal of the vulnerabilities from web apps/APIs.

Q: How often should companies conduct cybersecurity testing?
A: The frequency of cybersecurity testing will depend on several factors, including the size and complexity of the organization, the nature of its operations and the level of risk it faces. Generally, organizations should conduct cybersecurity testing at least annually, and more frequently for high-risk environments or critical systems.

Q: What can businesses do to undertake cybersecurity testing?
A: Companies can turn to cybersecurity firms such as White Knight Labs for help with cybersecurity testing. These firms specialize in conducting cybersecurity assessments and testing, and can provide expert guidance and support to help organizations improve their security posture.

(Editor’s note: A business’ internal teams may also test systems, but some experts think getting the different perspective of an outside firm can help best identify weak points that internal teams might miss.)

Q: What else do businesses need to know?
A: It’s important to note that cybersecurity testing is just one component of a comprehensive cybersecurity strategy. Organizations should also implement strong security controls and measures, conduct regular security awareness training for employees, and have an incident response plan in place to quickly respond to and mitigate security incidents.
