It’s not a question of if you will be attacked, but when

February 6th, 2017 by Mark Daly in ilicomm News

Penetration testing or ‘pen testing’ is the most effective way of demonstrating that exploitable vulnerabilities within your company’s internet-facing resources have been identified, allowing suitable patches to be applied.

The aim is to identify browser exploits, unpatched software, insecure coding practices and weak encryption algorithms. A penetration test must be conducted by a certified ethical penetration tester, who will use their expertise to identify specific weaknesses within an organisation’s security arrangements. This involves simulating a malicious attack on those arrangements, often using a combination of methods and tools.

Threats are constantly evolving and changing.

It’s not a question of if you will be attacked, but when.

Even if you are a relatively unknown organisation of little apparent interest to an attacker, criminals’ automated scans will find your presence online.

  • More and more applications are directing traffic by default through HTTP to bypass firewall rules.
  • Malware can be downloaded automatically.
  • Websites can be infected by code injection, cross-site scripting and other similar black-hat hacking techniques.
  • Your website traffic can be hijacked.
  • Blacklisting by major search engines can cause you to lose business.

It is easy for new vulnerabilities to be identified and exploited by criminal hackers. In many cases, you won’t even know that your defences have been successfully breached until it’s too late.

Which test best suits my organisation?

Here at ilicomm Technology, once the test has been conducted, we present the vulnerabilities and risks to the organisation, along with recommendations for remedial action, as facts in an easily understandable report.

Our bespoke penetration tests deliver cost-effective and practical solutions that will help you meet your legal, regulatory and contractual requirements.

Still not convinced?

Below we have listed the known breaches and attacks that have taken place in January 2017 so far.

Cyber attack

Cockrell Hill police lose years’ worth of evidence in ransom hacking

Hacker Group Claims Responsibility for Lloyds Bank Outages, Ransom Demand

St. Louis’ public library computers hacked for ransom

Computer hacker hits Illinois processor

No payoff for hackers, Arkansas school district says

Trojan malware blamed for cyberattack at Barts Health NHS hospitals

Marijuana dispensaries hit by hack of sales system

Cosmetic surgery center discloses ransomware attack

Princeton University becomes victim of MongoDB ransom attacks

Los Angeles Valley College Hit By Cyber Attack, Pays Ransom

Data breach

Break-in prompts hospital to assess possible patient privacy breach

Odessa one of eight school districts targeted in e-mail phishing scam

Grey Eagle Casino employee information leaked in major privacy breach

Dirty secrets of 180,000 users of a porn site that posts ‘upskirt’ photos are leaked

Data breach affects thousands of school system employees

Telus releases Hamilton woman’s cellphone information to her stalker

218,000 AlphaBay marketplace users’ private messages acquired by bug hunter

Another child protection privacy breach names more than 30 kids in care

District 833, police investigate after student accesses private employee data

NYPD tech worker accused of selling officers’ personal info

TriHealth notifies 1,126 patients after software glitch sends statements to old addresses

Ohio State Veterinary Medical Center at Dublin hit with possible data breach

Catholic Charities of Baltimore Notifies Clients of Potential Security Incident

Complete Wellness notifies 600 patients after employee misconduct results in lost PHI

Clash of Clans Forums Accounts Have Been Hacked

CoPilot Provider Support Services notifies 220,000 of data security breach in 2015

California translation firm’s security lapse exposes sensitive files

Passwords of top Trump appointees leaked online after earlier data breaches: Report

California snafu releases personal info of nearly 4,000 gun safety instructors

Dutch Cops Warn 20,000 of Email Account Hack

5,000+ Sentara Healthcare patient records involved in security breach

Children’s Hospital Los Angeles and the Children’s Hospital Los Angeles Medical Group notify parents of laptop theft

Email account with patient information at UM doctors group hacked

Summit Reinsurance Services breach affected 19,000

Hacker Steals 900 GB of Cellebrite Data

Hospital scammed for employee information

Twoplustwo poker forum hacked again; personal data stolen

ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt

Letter notifies NISD employees, students of email breach

Hilliard Bradley High School hacked, students’ information exposed

Financial

Possible data breach occurred at 21 Bowlmor AMF bowling centers, including one in Henrico

POPEYES discloses payment card breach that began in May, 2016; 10 locations affected

Zimbabwe computer hacker takes $70k from OK Zim

Rsync errors lead to data breach at Canadian ISP, KWIC Internet

Hackers infiltrate govt-owned bank systems to create fake trade docs

Taipei employees’ financial data leaked

Fighting back against cyber crime

Delhi hackers, digital shoplifters who tampered data of e-commerce portals

Google Removes Ransomware-Laden App From Play Store

Paramedic supervisor charged with stealing drugs and identity theft

‘Celebgate’ hacker sentenced to nine months in prison

Mortgage loan processor stole dozens of identities
