Pentest or Pull the Plug?

Codemasters have just demonstrated the weakness of taking your website offline as a fallback strategy when attacked by hackers: the hackers will already have got away with a whole lot of valuable information. So Codemasters now appear to be in a position where their website is offline, their customers are upset – and a lot of their customers’ data is in the hands of those not entitled to have it. It’s not really a good way to run an Internet business, is it?

Sensible online organisations will usually do one – or both – of two things. The first is to run quarterly vulnerability scans across all websites that collect customer information – and one of the best tools for doing this is the HackerGuardian Scan service. It is PCI DSS compliant, which means that it meets requirements for e-commerce sites as well as scanning for all other website vulnerabilities.

The second thing to do is to have a detailed external penetration test carried out at least once per year and, ideally, on a quarterly basis – to make sure that your website and network access are both secured against attack. Pen testing is not expensive, and is not complicated – particularly when you purchase a pentesting package.

For most organisations, spending less than £10k per annum on Internet and network security testing must be a more sensible, more cost-effective option than hoping that hackers won’t strike you – because they will.