Penetration testers, ethical hackers hired to circumvent a company's security defenses and measure those defenses' ability to repel sophisticated attacks, were the subject of a two-part series on BBC News recently.
In Part One, "Licensed to hack: Cracking open the corporate world," Trustwave's John Yeo explains that sometimes falling victim to a penetration tester's wily methods is the only way to prevent staff from repeating bad security habits:
"It's very difficult for users and employees to gain the necessary level of awareness and education to stay safe in any other way."
In Part Two, Trustwave's Michele Orru walks the reporter through an attack that integrates social engineering, browser hijacking and the impersonation of a social network site's log-in page to steal user credentials. Read "How to put cybersecurity defences to the test" and watch a video demonstration of Michele's exploit here.
Penetration testing provides demonstrable evidence of how an attacker might hoodwink your staff or foil your defenses, and of what you stand to lose in the event of such an attack.