How to secure a company from cyberthreats
A column by Viktor Gulevich, director of the security systems department at BSS, on the complex issues companies face in ensuring their own cybersecurity has been published in the "Club of Experts" section of the Bankir.ru portal. Not so long ago, BSS introduced new information security expertise and services. In particular, BSS conducts penetration tests to effectively identify security vulnerabilities, as well as information security auditing and consulting.
The topic of cybercrime has been much discussed recently. Reports regularly appear about mass thefts of bank clients' data, not only in Russia but around the world. New methods of cyber theft are revealed. Roundups from world news agencies are full of reports of cyber-attacks. The problem is global, and its danger is increasing.
But there is good news for banks: cybercriminals have become less focused on companies and more on individuals. Nevertheless, any legal entity is already quite clearly aware of the real threats to business and reputation posed by hackers.
To improve protection, companies conduct penetration testing, security analysis, and Red Team exercises, and use other methods to detect vulnerabilities and weaknesses in the infrastructure. At the same time, even such methods do not always make it possible to adequately assess a company's level of information security and make the right decisions for its protection and improvement.
The problem lies with the companies that provide penetration testing services. Many pentest companies use automated software that does not detect all critical vulnerabilities, does not counter security tools, and does not build attack vectors. Such companies also lack sufficient expertise to write their own exploits, as advanced hackers often do. Therefore, in reality, their services are ineffective, and sometimes even dangerous for the client.
How can you avoid making a mistake when choosing a pentesting company? What should you look for? What competencies should its specialists have? And how can you protect yourself from non-professionals?
In his article, Viktor Gulevich offers a proven life hack: a 5-point checklist for vetting a pentesting company. It will surely help to find a reliable company with a professional team and a guaranteed clean background.
Find more details in the column.