Vulnerability Scanning vs Penetration Testing
Even some of the most accomplished IT professionals are not sure about the difference between a vulnerability scan and a penetration test. Here are three basic differences between the two terms:
1. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment. A penetration test, on the other hand, is the practice of testing a computer system, network or web application to identify insecure business processes, poor security settings, or other weaknesses that a hacker could exploit.
2. While a vulnerability scan informs the stakeholders about the system vulnerabilities, a penetration test shows how these vulnerabilities could be exploited to cause harm to the organisation.
3. A vulnerability scan could be performed by an organisation's IT department using tools such as OpenVAS and Nessus. A wide range of tools is available for use during a penetration test, but it’s the skill of an experienced pen-tester that is needed to identify ways in which vulnerabilities can be exploited.
Privasec's COO to speak at Australian Utility Week
Privasec’s COO, Karan Khosla, has been invited to participate in the panel discussion at the Australian Utility Week, the leading digital utility expo in the Australasia region. The discussion will address emerging cloud business models for the utility sector and issues related to ensuring tactical agility for cybersecurity, product evolution and effective partner integration. Privasec’s Senior Security Consultant James Cristofaro will cover the security implications of managing “Behind the Meter” devices in a hostile operating environment.
Come and say hello if you are attending the conference. Check out the event details here:
The Weakest Link
According to the OAIC (Office of the Australian Information Commissioner) report, 36% of all cyber-attacks in Australia are caused by human error; this is the phenomenon known as PEBKAC (Problem Exists Between Keyboard And Chair). Thus, employees are our greatest assets and also our weakest link, as they can potentially fall victim to cyber-attacks in various forms. They are also our first line of defence, hence continuous education, training and awareness are needed to remain vigilant against cyber-attacks.
According to an article by Smart Company (one of Australia's premier publications for growth businesses and entrepreneurs), 516,380 small businesses fell victim to cyber-crime last year. The first step in falling for a cyber-attack is believing that you won’t be attacked. Prevention starts with educating your employees about some of the most common types of cyber-attacks, such as Spear Phishing, and how they can be countered.
Spear Phishing attacks differ from other phishing attacks in that they target a victim to extract information. The messages are tailored to the victim, thus increasing the chances of fooling the recipient. The first step to prevent spear phishing is to minimise the exchange of confidential information via email and to avoid posting too much personal information online.
Give us a call at 1800 996 001 and talk to our highly experienced security consultants to discuss your company’s cybersecurity priorities and discover how we can help.
Privasec's Director invited to speak at Ingram Micro’s Cyber Security Exec Lunch
Romain Rallu, Privasec’s Director, was invited to speak on ISO 27001 at Ingram Micro’s Cyber Security Exec Lunch last week, hosted by Shirley Tan. Romain is an expert in Information Security Management Frameworks, and he shared the top ten misconceptions in the market about ISO 27001. Give us a call if you want to know what is on the list.
The other keynote speakers, McAfee’s CTO Ian Yip and Check Point’s CTO Tony Jarvis, gave great insights on security trends, backed by the powerful intel gathering and correlation that only vendors of their size can achieve. A special thanks to Ingram Micro for making the event a great success.