Cyber intrusions and penetration testing

  • Every computer network is at risk for cyber intrusion.

  • In some industries, like aeronautics, breaches can be very costly and dangerous.

  • Security monitoring and controls are crucial to reducing the risks of major breaches.

Not so long ago, securing your secrets or protecting a building was relatively simple. I remember walking with my grandfather, a chief engineer at a major Soviet aircraft production factory, along a 12-foot concrete wall topped with barbed wire. My grandfather’s locked leather briefcase held all the classified documents he needed and was kept close at hand day or night.

Times have changed. Firewalls have replaced barbed wire walls, and secured laptops have replaced briefcases filled with trade or military secrets. It is imperative that these types of defense mechanisms protect both the virtual and physical world now as cyber hackers can be thousands of miles away drinking coffee, while breaking into supposedly secure networks and stealing, trading, or corrupting priceless information.

My job as a penetration tester presents numerous opportunities to witness and correct glaring insecurities and weaknesses in many computer networks under testing. Often networks are flat, meaning that cyber intrusions originating in one part of the network could quickly spread to other areas due to insufficient isolation. Even full isolation in cyberspace is not absolutely secure. There could be other pathways to the target network, as exemplified by the famous computer worm, Stuxnet, which attacked an isolated network.

The objective of penetration testing is to assess the feasibility of a compromise through validation of the overall effectiveness of defensive mechanisms. Findings revealed through testing greatly help organizations determine the security posture of the network and to make further strategic decisions to implement security measures. Properly implemented security monitoring and controls will reduce the risk of major breaches and minimize the amount or type of information that cyber criminals could obtain in case breaches occur.

In today’s world, it is crucial that we secure and defend the virtual and physical world with a new kind of “barbed wire.” Learn what can you do to prevent cyber intrusions with network security services from AT&T.

Jennia Hizver Consulting Practice Security Researcher and Consultant AT&T About Jennia