Penetration Tests: a Nuisance, but Life-Saving

PRESS RELEASE

Penetration Tests: A Nuisance, but Life-Saving

Munich, January 14, 2016. Penetration tests can save companies from financial ruin - but they are considered time-consuming and expensive. However, professional tests not only minimize risks, especially in times when IT budgets are tight, they also help save money and ensure the continuity of a business. Three arguments in favor of this essential security measure.

Budgetary restrictions often cause many IT directors to forget just how valuable penetration tests are to a company’s or public authority’s information security. After all, not only do they reveal gaps in systems and processes, but when performed properly they can also disclose how to effectively use a very tightly calculated budget to sustainably enhance IT security throughout a company. Not to mention the fact that many of these tests are now statutory requirements. That is why it is a good idea in general to have penetration tests performed systematically and by experts with the right experience:

• Tests are an important part of IT compliance. The BSI, Germany’s Federal Office for Information Security, has made it abundantly clear: the establishment of security systems alone does not guarantee companies have satisfied statutory requirements. The requirements are manifold and range from the internal control system specifications set forth in the German Commercial Code (HGB §238) and mandatory early warning systems for emergency prevention (§99 Paragraph 2 of the German Stock Corporation Act) to the strict guidelines for storing and processing personal data found in the Telecommunications Act. Penetration tests help examine the technical aspects to determine how effective they actually are, while audits can be a useful way of reviewing non-technical requirements.
• Independent testers are worth it. Even the mere act of planning regular testing by a neutral third party can have a positive impact on a company’s reputation and generally tends to enhance the security level. A neutral perspective from someone outside the company also has the further advantage that the party who developed the security is not the one testing its effectiveness. This prevents potential conflicts of interests and ensures objective testing.
• Penetration tests save money. Penetration tests reveal concrete gaps and are thus more valuable than simply preparing for some assumed and abstract threats. There are also certain risks that only become apparent to IT departments through tests used to identify vulnerabilities. Budgets tend to be limited, but can be effectively used for specific tests and to eliminate concrete gaps - instead of procuring a high-performance firewall in the hopes of having “all-round protection”, an approach that fails to identify errors inherent to a system or other vulnerabilities.

“Naturally, a professional penetration test does cost money in the beginning. However, it is a priceless investment in data security for a company. After all, neglecting security can not only lead to customers losing faith in a company, but can also result in enormous monetary losses. We recommend selecting a serious and experienced external provider. They are the only ones who can help choose the right focal points for the systems that need to be tested and who can also conduct the tests with the level of professionalism needed to do so,” states Bernhard Weber, information security expert at msg.

msg
msg is an independent, international group of companies with more than 5,000 employees around the world. The group of companies offers a holistic service spectrum of creative, strategic consulting and intelligent, sustainable and value-added IT solutions for the following industries: automotive, financial services, food, insurance, life science & healthcare, public sector, telecommunications & media, travel & logistics, as well as utilities, and has acquired an excellent reputation as an industry specialist during its more than 30 years in business.

Within the group, independent companies cover the wide variety of industry and issue-based competence: msg systems ag forms the core of the company group and works in close cooperation with the subsidiaries, both on a business and organizational level. This allows the competence, experience and know-how of all the members to be bundled into a holistic solution portfolio with measurable added value for its customers.

msg holds sixth place in the ranking of IT consulting and system integration companies in Germany.

For additional information:
msg systems ag, Susanne Koerber-Wilhelm, Robert-Bürkle-Str. 1, 85737 Ismaning/Munich
Tel. +49 89/ 961 01 1538, Fax +49 89/ 961 01 1113,
E-Mail:
Hotwire PR, Daniel Hardt, Franziska-Bilek-Weg 9, 80339 Munich
Tel. +49 89/ 210 932 81, E-Mail:
Images and other press-related releases are available at
Reprint free of charge. Sample copies on request.

© msg systems ag 2016 Page1of 2