How Ethical Hacking is Healthy for Business


The easiest and most accurate way to discover if a business is protected enough to withstand a hack is to test it through the eyes of an (ethical) hacker. Ethical hackers, or penetration testers, act as computer detectives who manually examine a business environment for exploitable weaknesses. This presentation will discuss the importance of ensuring a business network receives the security check-ups it requires to maintain a healthy security posture.

Published in: Technology
  • Emphasize that I am using the terminology outside of their technical definitions. These terms are commonly used in the media and well-known to the public at large.
  • I can’t speak for all penetration testing departments, but I know what SM gives you.
  • Vulnerability scans locate potential vulns; pen testers show you what an exploitable vuln is (a REAL weakness).
  • In the past 10 months, what newsworthy businesses have been hacked that could have prevented their hack with a pen test? Similar risks to what a pen test can find and exploit.
  • How Ethical Hacking is Healthy for Business

    1. Ethical Hacking is Healthy for Business
    2. Is your company prepared for a situation like this?
    3. If you had your website, networks, and servers ethically hacked, you probably wouldn’t be in this situation.
    4. Let’s talk about hackers
    5. There are 2 types of hackers.
       – Malicious
       – Ethical
    6. Malicious hackers look to exploit weaknesses in a computer or network to steal company or customer information.
    7. Ethical hackers are hired by a company to find weaknesses in that company’s environment. Ethical hackers are also called penetration testers.
    8. The point? Find the weaknesses malicious hackers would use to gain access to company data, and help companies fix the problem!
    9. Ethical hackers simulate real scenarios. For example:
       – Hackers that want to steal credit card information
       – Unethical competitors looking for company secrets
       – Disgruntled employees who want to deface a company website
    10. What kind of tests do they conduct?
       • Internal/external testing
       • Web application testing
       • Remote access testing
       • Wireless testing
       • Social engineering
    11. After testing, penetration testers provide:
       – Report on all vulnerabilities
       – Assistance to fix the found vulnerabilities
    12. Why get a penetration test? Here are 6 reasons.
    13. Reason 1: It’s required (PCI DSS requirement 11.3)
    14. Reason 2: To test your products or website for security failures. Did you know more than 79% of data breach victims possess an easily exploitable weakness? - Verizon
    15. Reason 3: To properly allocate security funds
    16. Reason 4: To test incident response and security awareness of staff
    17. Reason 5: So you don’t end up on the front page
    18. Reason 6: Because hackers become more sophisticated in the ways they steal data. They adapt as fast as technologies improve.
    19. Most breaches are preventable.
    20. Why can hackers get in so easily?
       • Favoring functionality over security
       • Insecure software development
       • Incorrect configuration
       • Lack of staff security education
       • Gaps in accountability
    21. 3 Best Practices
       • Implement secure controls and conduct security awareness training
       • Implement a strict policy for code development & testing
       • Get ethically hacked!
    22. Need to be ethically hacked? 801.705.5656