Written by Farah Hamoudah
Farah Hamoudah is a System Analyst under the Pre Sales team and project development division at KUWAITNET. Her interests are rooted in cyber security awareness, citizen development, and youth social advocacy.
In line with the world’s increasing dependence on digitisation amidst a global pandemic, the cybersecurity landscape continues to evolve new threat actors, vulnerabilities, and exploits every day. Gaps in enterprise security infrastructure have particularly exposed organizations across industries to advanced persistent threats (APTs) with ransomware attacks (malware that encrypts the victim’s data and holds it at ransom) exponentially making a recurring appearance throughout 2021. So, how can the enterprises of today build resiliency against ever-changing attack vectors? To accomplish this, ethical hacking must be at the core of each organizational function and performed periodically to proactively anticipate intrusion, explore and close gaps.
Ethical hacking or white-hat hacking, is the legal act of bypassing application, system, or infrastructure security controls to identify breaches and put the defenses to the ultimate test. The techniques an ethical hacker uses in the process varies in categorization to encompass social engineering, network, operating system, and application level attacks. The goal is to showcase that exploits exist and account for them without destroying system functionality, tampering with data, or raising privacy concerns.
While ethical hacking is an umbrella term for finding ways to gain unauthorized access to a particular system, in contrast to that, penetration testing refers to the formal procedure of conducting a security audit. The outcome may be specific or comprehensive in scope, such as detecting lack of security awareness culture, weak compliance controls (e.g. HIPAA, PCI DSS, GDPR, etc), data protection mechanisms, and other security measures. The four main types of penetration testing extend to categories of network, physical (on-site), application, and social engineering tests.
The network simulation attack involves examining internal and/or external facing network assets and publicly available organizational information. On-site pen testing may demonstrate corporate espionage at the enterprise’s physical location. Application penetration simulations address design flaws, weak security protocols, or missing patches. Social engineering tests the human-factor susceptibility level to sharing sensitive organizational information or unknowingly giving a threat actor system-level access. Test reports are often detailed in outcomes and include comprehensive security recommendations for fortifying resilience.
The post-exploitation phase occurs when the victim’s system is compromised and the threat actor is free to maneuver across resources, directories, accounts, etc. No matter the pen-testing approach, the simulation must attempt to align with real world attacks as much as possible to garner justifiable results and actionable solutions.The ethical hacker must diversify attack scenarios with known adversary tactics such as privilege escalation, defense evasion, credential access, lateral movement, exfiltration, and command and control.
Defining a robust security strategy and penetration testing framework should be sought as more than a mere compliance requirement, and instead seen as a continuous, iterative exercise in skilling up in-house security, building a transparent culture, and striving for an offensive approach against adversaries of all types to defend the perimeter and protect the enterprise.
Backup, Data, Details, Enterprise, Hosting, Secure, Solution, Teamwork, Technology, Websecurity, cyberbackup,
2 mins read
There exists no denying that the Internet has made the world a better place in more ways than one. This is particularly true in countless areas of operations. The Internet ...
Start Reading
2 mins read
Opting for the right domain name for a business is a common concern for people starting a new online venture. Coming up with a catchy, unique domain name for your company c...
Start Reading
7 mins read
The software program improvement lifestyles cycle (SDLC) is a method used for structuring any software program system, from initiation via to implementation. Increased dema...
Start Reading
2 mins read
At Cloudflare, we’ve found that the most secure, adaptable solutions operate on a Zero Trust model, which assumes that every login attempt is “guilty until proven innocent....
Start Reading
5 mins read
Businesses who have an early adoption of the latest technology have already entered the new phases of digital transformation. They have a competitive advantage over their c...
Start Reading
3 mins read
With crisis across the globe, where people are trying to survive, businesses trying to facilitate exchange of money and with healthcare systems overburdened, is there any g...
Start Reading
3 mins read
For a startup business, security comes first, and it is crucial for its success. All thanks to technology, many options are available in the market, but it’s good to have l...
Start Reading
5 mins read
A practical approach to web security threats must be proactive and defensive by definition.
Start Reading