Freya Evans, Category Executive, Software and Cyber Security, explains the importance of penetration testing and how it could help protect your organisation against cyber attacks.

Our Cyber Security Services 3 Dynamic Purchasing System (DPS) was created in partnership with the National Cyber Security Centre (NCSC) to provide you with a route to market for essential cyber security services. These are particularly important in the current environment, with many of us working more remotely.

The DPS, which has 117 suppliers (and counting), enables you to filter by your needs and opt for either an NCSC-assured supplier or a supplier with qualifications that are not NCSC-assured, which opens up the supplier pool to small to medium enterprises (SMEs) which hold alternative cyber security credentials. One of the services, among the many available, is penetration testing. 

What is penetration testing?

Penetration testing enables you to conduct an authorised test of either your computer networks or systems, with the intention of highlighting any security weaknesses these networks or systems may have. 

It is conducted by authorised testing partners that use the same tools and techniques a potential attacker would use. These testers identify publicly known vulnerabilities and configuration faults that could leave your organisation vulnerable to a cyber attack or breach. They find any vulnerabilities and make recommendations for suitable remediation.

Why is it important?

Chris Ensor, Deputy Director for Cyber Skills and Growth at NCSC, commented on the importance of the service: 

“Penetration testing is a great way of finding vulnerabilities in your system before an attacker causes you harm. It’s a bit like going to the doctor’s for a health check to see if you have things like high or low blood pressure or cholesterol, so they can be treated before these things cause you harm. For those familiar with Cyber Essentials, the Plus level of certification is effectively a tightly scoped penetration test to ensure you have implemented the 5 controls correctly and consistently. Being forewarned is forearmed, as the saying goes.”

Finding suitable suppliers

Penetration services are available through the DPS from 117 service partners, 48 of which are CHECK-certified by the NCSC. If a provider is CHECK-certified, this guarantees their testing methods are approved by the NCSC, the individuals conducting the penetration testing have NCSC-approved qualifications, suitable experience at conducting the tests and have been security cleared. 

Opportunities for SMEs are also bolstered – 75% of the 117 suppliers on the DPS are classified as SMEs. This means access to cyber security services that are not only vetted to the highest standards, but that also align with the government’s SME agenda and social value, improving innovation and competition in this market. 

Solutions to keep your organisation running safely

To find out more about Cyber Security Services 3 and penetration testing, you can read our brochure, visit the framework web page or complete our enquiry form and our team of experts will be in touch to help you.