English | Français
Main
Ethical Hacking
Penetration TestingWhat a Penetration Test is Methodologies and Standards Results Analysis
Case StudiesCase Study For ManagementCase Study For IT Experts
Security Auditing
Security EvaluationSecurity AuditSource Code Review
Case StudiesCase Study For ManagementCase Study For IT Experts
Risk Management
PreventionSecurity Training Secure Programming
Reaction Incident Recovery Incident Forensics
Company
GeneralCareersOverviewManagement TeamCorporate Presentation
PartnersOur Partners
Contacts
Sales & MarketingLocationsHave Us Contact You
SupportCustomer Login

Case Studies For Management

Penetration Testing


This section highlights the importance of the information security and regular penetration testing for corporate managers and business directors. It explains how dangerous a carefree approach to IT security can be and the enormous risk companies really do face today.

Nowadays many corporations operate with the innocent belief that they do not handle any confidential information and don’t have any unfair competitors, and therefore nobody will ever try to compromise their IT systems.

The following case study describes why hackers might attack your system today even if you think that nobody can win money on it.


Case study: Protection of a System Without Enemies.


Management of a large East European construction company was careless in their network security. They were sure their company has no enemies, rivals or unfair competitors. They also didn't handle any confidential or personal information required special security measures. They were convinced that nobody could benefit by breaking into their systems, that is, until police officers accompanied by the Interpol showed up on their premises. At the peak of its prosperity, the company and its employees were being charged with a whole list of crimes and frauds in the Internet.

As they learned during the incident forensics process, hackers had discovered weaknesses in their corporate network, allowing them to enter and take full control of it. Company computers became zombies - used to spam, promote child pornography, advertise drugs and illegal goods, or to send links to fraudulent web sites specially crafted to steal credit cards numbers. In addition one of the corporate servers was turned into a hidden criminal data-exchange center, storing thousands of files with all kinds of commercial and banking information previously stolen or intercepted by hackers from all over the world.

At the same time, a few banks and financial institutions were attacked by unknown hackers, who stole and modified much of their confidential information. Losses were evaluated in hundreds of millions of dollars. Unfortunately however, all the traces led back to the construction companyʼs local network, which the hackers had used to hide the real source of the attack. To make things worse, all the technical proofs pointed to the company and its employees.

As a result of careless approach to IT security, the company was driven to court with colossal expenses and ultimately forced into bankruptcy.


Solution


To minimize IT risks and prevent security incidents High-Tech Bridge strongly recommends to perform an independent penetration test by a third-party after any significant change of your IT infrastructure or at least twice a year. Independent security evaluation will eliminate the conflict of interest, which may appear if the evaluation is performed by your IT department, system integrator or solution vendor.

High-Tech Bridge'a approach to penetration testing will help you to understand why and how hackers will approach your systems and break inside. Upon completion of it your IT team will get the report describing all the discovered vulnerabilities and methods to fix them. Management will be provided with a separate report explaining why hackers may chose their systems as a target, what is the possible impact on the core business processes and how to prevent it.

Please contact High-Tech Bridge or request a call back to get a personalized penetration test offer within the next 24 working hours.

High-Tech Bridge Corporate Presentation

Recent US-CERT Alerts:

Microsoft Updates for Multiple Vulnerabilities Microsoft Updates for Multiple Vulnerabilities Microsoft Internet Explorer Vulnerabilities Adobe Reader and Acrobat Vulnerabilities

Recent Vulnerabilities:

Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability Linux Kernel KVM Multiple Privilege Escalation and Denial of Service Vulnerabilities
Ethical Hacking ISO 27001 CISO/CSO OWASP OSSTMM CERT MELANI CEH IMPACT PCI DSS Security Policy COBIT
2007-2010 © High-Tech Bridge SA, Switzerland
Contacts Legal Disclaimer Privacy Policy
World Trade Center, CP 390
29, Route de Pre-Bois
CH-1215 Geneva 15, Switzerland
Tel: +41 (0) 22 723 24 24
Fax: +41 (0) 22 788 35 71
Print VersionPrint Version