What if a trusted third party could help your company identify specific vulnerabilities before the hackers do?

Cyberattack stories abound, from large corporations like Target and Equifax to various small businesses in your hometown, and the productivity and revenue losses continue to be catastrophic.  However, a comprehensive penetration test, ideally performed by an outside cybersecurity expert who is unfamiliar with your network and uninvolved with its design, will often highlight weaknesses in your company’s network and its defenses.  During such an exercise, various tools and software are deployed to seek out deficiencies that are better found by you than by a hacker.

Consider a couple of testing success stories from two well-known companies:

  • Penetration testing conducted at the Mayo Clinic identified outdated operating systems on crucial medical equipment and devices.  Furthermore, the testing discovered staff with weak and overused passwords.  Mayo acted quickly to update its systems and enforce a strict password policy, thereby strengthening its protection significantly.
  • Walmart’s testing found unpatched software in use, weaknesses in its Point of Sale system, and poor password hygiene.  Walmart immediately patched and updated its POS system to protect customer payments and implemented employee training and password policies.

While the Mayo Clinic and Walmart are large corporations, penetration testing offers benefits to companies, law firms, and healthcare providers of every size.

In fact, for many cybersecurity insurance policies and certain compliance frameworks, annual (or even more frequent) third-party penetration testing is a requirement.  Healthcare providers and certain adjacent industries, companies subject to PCI (Payment Card Industry) compliance, and financial institutions (including, but not limited to, accountants, mortgage lenders, and car dealerships) often have certain legal requirements to perform pen-testing at least annually.

Discovering open ports, weak user credentials, unpatched applications, and other potentially devastating fissures in your business’s network allows your team to repair and resolve these problems before the hackers find them.  While you may need to dedicate some time and resources to fixing these problems, the cost is minimal when compared to that of an actual breach that takes your entire business out of operation for weeks or even months…or even forever.

Consider the cost of assuming your network is protected.  For example:

  • Alabama’s own Norwood Clinic announced in late 2021 that a cyberattack had exposed the records of roughly 228,000 patients.  A $2.3 million settlement was reached in January.  This settlement doesn’t include the cost of cleaning up the actual breach itself or the downtime in productivity for the clinic.  
  • In 2019, an extensive ransomware attack hit Tuscaloosa’s DCH Medical Center, extending to Northport and Fayette centers as well.  A social engineering scheme targeted employees, convincing them to click on email attachments, which released malware and shut down the entire network.  Hospital services and functions were partially paused for 10 days until a decryption key was purchased from the attackers at an undisclosed cost.  A lawsuit from a group of patients is ongoing.

When your eight-year-old tells you he’s done his homework, do you believe him or do you double-check that it’s complete?

If your mechanic changes your oil, does he assume he’s put the cap back on or is it part of his protocol to inspect that before he’s done?  Do you go to bed believing your doors are probably locked for the night or do you make sure they’re secure?  Your company’s network must be given the same thorough consideration.  Protecting your business’s most valuable assets means that alerts must be managed, patches updated, and security gaps remedied.  If not, you are at a significantly higher risk of attack.

For a limited time, SIP Oasis is offering a special price on penetration testing to qualified businesses.  Give us a call today at (205) 623-1223 to find out if it’s right for you and your business!