Frequently Asked Questions

What is the difference between a Penetration Test and a Vulnerability Assessment.

Penetration Test (pentest) and Vulnerability Assessment (VA) are two terms that are often incorrectly used interchangably.  

A Vulnerability Assessment is a test of systems designed to identify potential security gaps and misconfigurations that could be used as part of an intrusion or data compromise.  The VA is designed to find gaps and and determine the effect that these cyber threats could have on a network, but does not include attempts to actually break in to systems.  Think of a vulnerability assessment as the digital equivalent of a burglar casing a building to identify weak security points that can be used to break in at a later time.  Vulnerability Assessments are less intrusive and time consuming than penetration testing.

A Penetration Test normally begins with a Vulnerability Assessment and then uses the results to attempt to exploit identified weaknesses in order to judge the likelihood and effectiveness of a particular attack.  Pentests are comprehensive and time consuming, but produce the most useful results that can assist an enterprise in identying and remediating legitimate threats to systems and data

Why do we need cybersecurity?

Cyber-attacks target many businesses, including manufacturing companies, nonprofit organizations, financial institutions, government organizations, and many other business entities. The constant advances in technology and cyber threats continue to increase, and pose vulnerability to all businesses and their security.

Am I really at risk for cyber-attacks?

Yes, everyone is a potential target. Though many recent victims of cybercrime are manufacturers, nonprofit organizations, hospitals and financial institutions, no company is immune from a cyber-attack including cyber hacking, social engineering, malware, ransomware, or data theft.

Why do employees need cybersecurity training?

Without cybersecurity training for employees, human vulnerabilities exist that can make an organization susceptible to a cyber-attack or data breach. Cybersecurity training is necessary to ensure employees understand how to identify a potential attack such as a phishing email and how to mitigate the risk. It helps them understand the risks and consequences of not taking necessary precautions. With new attacks and risks continuing to arise, cybersecurity training is always changing and employees need to be updated on new threats on a regular basis.