Top 5 Risks a Penetration Test Might Uncover

by Eddie, on 05/02/2016 1:59:00 PM

As organisations continue to adopt advancements in information technology and work towards an interconnected world, malicious attackers have kept pace. The cyber threat landscape has never been more intense, and cyber security has never been more important.

A report from Gemalto states that, in the first half of 2018 alone, a total of 4.6 billion records were reported across 945 security incidents. 308 of these reported incidents were in Australia.


This prompts the following questions: How well protected is your organisation in today’s cyber threat landscape? What unknown vulnerabilities exist in your environment? Where are your organisation’s cyber weak spots?

A penetration test is a great way to gain the visibility required to answer these questions. What follows are some of the most common security risks that can be uncovered by various types of penetration testing.


5. Legacy Systems

In the context of cyber security, legacy systems are those that are no longer supported and as such do not receive security patches or updates. Continuous changes need to be made to meet the latest threats, and systems that are left behind often become the weakest link.


4. Inconsistent Patch Management

Closely related to legacy systems is patch management. A critical part of maintaining I.T. infrastructure is updating software to address issues that come to light after its release. Some of these issues are security related. A consistent patch management process can ensure that all assets are patched as needed. A penetration test can identify gaps in your patch management process.


3. Vulnerable System Configurations

Systems are often configured by default with a focus on availability and convenience at the cost of security. Administrators can also make configuration mistakes, resulting in unknown vulnerabilities that sit dormant until a malicious actor makes them known to you. Infrastructure penetration testing is well suited to detecting these risks.


2. Vulnerable Web Applications

Web applications can contain thousands of lines of application code, and developers can make mistakes. Whether the application is internally developed or externally sourced, a web application penetration test can be used to provide assurance that a certain application is not putting your organisation at risk of a breach.


1. Password Reuse or Weak Passwords

Even when there are no vulnerabilities across your own systems, you may still be at risk. Password reuse across multiple systems can mean a breach in another company can affect your systems. In the case of weak passwords like ‘Spring2018’, simple guessing attacks can result in a breach. A penetration test can highlight reused or weak passwords, so they can be reset.
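
One check a defender can run when a password is set, added here as an example and not part of the original post: it rejects word-plus-year passwords like ‘Spring2018’ and passwords whose hash appears in a breach corpus. The word list, the 12-character minimum and the breach set are constructed assumptions.

```python
import hashlib
import re

# Constructed list of predictable base words (seasons, months, common defaults).
BASE_WORDS = {
    "spring", "summer", "autumn", "fall", "winter", "password", "welcome",
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
}
# Symbol substitutions users commonly apply to a base word.
SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s", "!": "i"})
# <word><2- or 4-digit year><optional trailing symbols>, e.g. Spring2018, Summer18!
WORD_YEAR = re.compile(
    r"^(?P<word>\D+?)(?P<year>(?:19|20)\d{2}|\d{2})(?P<tail>[^A-Za-z0-9]*)$"
)


def sha1_hex(password: str) -> str:
    """Hash a password so the breach set never holds plaintext."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def screen_password(candidate: str, breached_hashes: set[str],
                    min_length: int = 12) -> list[str]:
    """Return the reasons to reject a candidate (empty list = accepted)."""
    reasons = []
    if len(candidate) < min_length:  # assumed policy minimum
        reasons.append("too_short")
    match = WORD_YEAR.match(candidate)
    if match:
        word = match.group("word").lower().translate(SUBSTITUTIONS)
        if word in BASE_WORDS:
            reasons.append("word_plus_year")
    if sha1_hex(candidate) in breached_hashes:
        reasons.append("known_breached")
    return reasons


# Constructed stand-in for a breach corpus, stored as SHA-1 hashes only.
BREACHED = {sha1_hex(p) for p in ("Spring2018", "correct horse battery staple")}

if __name__ == "__main__":
    for pw in ("Spring2018", "W!nter19!", "correct horse battery staple",
               "vexing-Tundra-41-lantern"):
        print(f"{pw!r}: {screen_password(pw, BREACHED) or 'accepted'}")
```

A long passphrase still fails here if it is already in the breach set, which is the reuse case the paragraph describes.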

As with most problems, knowing is half the battle. Penetration testing can help provide the visibility required to act before it’s too late. If you’d like to learn more about how we can help you understand your organisation’s security posture, reach out.

Topics: Pentesting, Red Teaming, Risk Assessment

