How penetration testing can help you comply with the GDPR – IT Governance Blog

You might be a small organisation that seems to be below cyber criminals’ radar, but you are far from immune to data breaches. Small and medium-sized enterprises make up a large proportion of cyber attack victims, because most attacks are random and indiscriminate: they target vulnerabilities wherever they are found, not specific organisations.

The Cyber Security Breaches Survey 2017 shows just how prevalent the issue is. Almost half (46%) of respondents identified at least one cyber security breach or attack in the past 12 months. These incidents are often a result of an unpatched system or other vulnerability that can be easily identified in a penetration test.

Penetration testing is essentially a controlled form of hacking in which a professional tester, working on behalf of an organisation, uses the same techniques as a criminal hacker to search for vulnerabilities in the company’s networks or applications.

The importance of penetration testing will become even more apparent when the EU General Data Protection Regulation (GDPR) takes effect on 25 May 2018. Article 32 of the Regulation requires organisations to put in place security measures appropriate to the risks they face and, in Article 32(1)(d), a process for regularly testing, assessing and evaluating the effectiveness of those measures. Penetration testing is not named in the Article, but it is one of the most direct ways of meeting that testing requirement and of evidencing it.

The GDPR and penetration testing

Most organisations will recognise that the greatest threats exist where their systems are exposed to the Internet. Whether through malicious attacks or staff misuse, an organisation’s systems are most likely to be compromised wherever internal systems meet the external environment.

Although cutting a network off from the outside world removes its external attack surface (it does not remove insider or removable-media risk), most organisations need the logical perimeter to be porous to some degree, and every opening in it is a candidate target.

Penetration tests support GDPR compliance in two ways. They provide an end-state check that the security controls the organisation has chosen have actually been implemented correctly, and they can be used in the early stages of developing a new processing system to identify risks to personal data before it goes live, when fixing them is cheapest.

Free webinar: how can penetration testing support your GDPR project?

Learn more about how penetration testing can help you with GDPR compliance by joining our free webinar. Compliance solutions: how can penetration testing support your GDPR project? is hosted by IT Governance’s founder and executive chairman, Alan Calder, and head of technical services, David Grove, and explains how penetration testing can help organisations comply with the GDPR. It covers:

  • Penetration testing and its role in demonstrating GDPR compliance;
  • Implementing technical measures to ensure data security and compliance with Article 32 of the GDPR;
  • Why penetration tests are vital in uncovering vulnerabilities before criminals do; and
  • How to meet legislative and regulatory requirements and achieve an integrated approach with standards such as the PCI DSS, ISO 27001 and the GDPR.