Penetration testing (also known as a pen test) is the practice of simulating an attack on a device, system, network or application to find its security vulnerabilities. The goal is to determine whether the system can be exploited through malicious activity. Ethical hackers can be contracted to carry out these tests and check whether the system has any loopholes.
The first step of penetration testing is to create a comprehensive inventory of the discovered threats. This involves describing each risk (e.g., can the machine be taken over?) and the probability of it happening. The next step is to identify the riskiest, most probable, and most critical threats. Then, a real-life test is carried out to show the potential damage these vulnerabilities can cause. An additional benefit is that the company gets to see how capable it is of identifying and responding to a breach.
The outcome of penetration testing is invaluable to any business in the era of GDPR. It could be what saves a business from being the victim of a massive data breach, like the one that affected 9.4 million Cathay Pacific passengers earlier this year, Facebook’s most recent data catastrophe affecting 50 million accounts, or the Marriott database infiltration which exposed around 500 million customers of the global hotel chain.