Security & Penetration Testing
Ensuring critical systems, networks and applications are regularly tested and validated for security best practice – by independent experts – is a vital component of any cyber security strategy. Smartdesc provides a tailored blend of cyber security testing, at an appropriate level, frequency and cost depending on your organisation’s cyber security risk appetite. Our Cyber Security Testing Plans are built on best practice according to the National Cyber Security Centre (NCSC), IASME Cyber Essentials, the Information Commissioner’s Office and CREST.




Why choose us
We provide 4 core levels of security testing depending on the types of data stored, risk profile, and likely exposure of your systems and applications:
Cyber Essentials is the Government-backed, national certification scheme to achieve a base level of cyber security across your organisation.
It is often the most logical place to start, testing and validating the most essential security controls such as Multi Factor Authentication and Device Patching, and typically can be completed in around 2-3 weeks.
Prices start from £950; more information on our Cyber Essentials Certification process can be found here.
Vulnerability Assessment is a fast and powerful way to identify gaps, weaknesses and potential security holes in websites, web-based applications, and networks.
The assessment will scan for known vulnerabilities, and a technical report is produced which will allow your supplier, developer or IT team to remediate any risks.
The assessment can be run in a matter of days, with a re-test included to validate that any fixes have been correctly applied. Prices start from £1,500.
Penetration Testing is an industry-standard and internationally recognised security testing technique for organisations to identify vulnerabilities in their IT infrastructure. It provides a holistic, detailed end-to-end analysis of a system’s or application’s security configuration and exposes any gaps.
Pen Tests mimic the strategies and actions of real cyber adversaries. This way, pen testing accurately replicates the conditions of genuine high-level attacks, providing valuable insights for remediation, reducing the chance of them happening for real.
As a proactive cyber security measure, Penetration Testing leads to self-initiated improvements based on the reports generated. It enables organisations to reduce security risks and provide assurance on the security of their IT estates, by mitigating weaknesses before they can be maliciously exploited.
A Pen Test can be carried out on a network, devices, servers, cloud systems or other applications, and is a more comprehensive and in-depth test compared to a vulnerability assessment. Pen Tests are typically conducted annually, and are most suited to applications or systems that hold the most sensitive data.
These tests are carried out by security specialists who hold highly specialised certifications and licenses to undertake this work, such as CREST, meaning they comply with all external audit requirements. Pen Tests typically start at around £5,000 but are quoted case by case.
Penetration Testing services
- Web application testing
Web application testing identifies flaws or security issues that may allow for your website or web applications to be hacked, putting sensitive data at risk. From internet technologies, mobile applications, APIs and everything in between, we can provide you with extensive testing on all of your application types.
- Internal and wireless network testing
An internal network penetration test simulates an attacker who has gained access to the network by breaching the organisation’s technical or physical perimeter, or a malicious insider who has legitimate network access. The test will assess the difficulty with which an attacker can escalate their privileges, with a goal of proving access to sensitive and confidential data on the network.
- External infrastructure penetration testing
Infrastructure penetration testing evaluates how secure your external perimeter is from cyber-attacks. This test will also identify hosts which may require additional testing, such as web applications.
A SOC is a service made up of a team of Cyber Security Specialists who operate 24×7 proactively monitoring all your devices and systems for potentially dangerous activity.
The SOC team monitors logs, alerts, and uses sophisticated tools that learn the typical habits of users day to day, meaning they will intervene should something out of the ordinary occur.
Not only does a SOC significantly augment your internal IT resources who would not normally be working 24×7, it also means you have access to a team of security specialists guarding your systems every hour of every day.
Critically, having a SOC ensures proactive action will be taken should an outbreak occur to limit the damage – typically by instantly isolating and locking down any device that is acting suspiciously, no matter what the time of day.
We also offer Cyber Security Awareness Training and Phishing Simulations for your staff – click here to find out more.
Why would a nonprofit need security testing?
Nonprofit organisations are the third most targeted industry for cyber attacks worldwide. Ensuring you are regularly testing and validating the ever-changing configuration of your critical applications and systems is essential – regardless of whether they are on-premise, in a data centre, or in the cloud.
Nonprofits can be targeted by attackers because they may be seen as lacking funds for advanced cyber security controls, whilst also processing personal sensitive information – which carries the most value.
Security testing is a specialist activity, which should typically be done by someone independent from your internal IT team or IT supplier, to provide a second opinion on how secure your most important systems are.
If you do suffer a breach, investigations by official government agencies such as the Information Commissioner’s Office may be launched, which can result in financial penalties if they do not see evidence that regular validation and testing of security measures are in place.
A cyber security testing plan ensures you are acting with due diligence, and shows stakeholders, beneficiaries and Trustees that a proactive approach is being taken to validating the cyber security stance of your organisation.