What is Penetration Testing? – Back to Basics


So what is penetration testing? First, some background on why it is needed at all. Over the past 12 months, the global average cost of a data breach has increased by nearly 10%, the largest single-year increase in the last seven years. Changes in working behaviour have pushed businesses to find alternative ways of running daily operations, resulting in a heavy reliance on technology and online services. This has given cyber criminals additional avenues through which to compromise your business. It is now more important than ever to secure your devices, protect your people, and mitigate any security vulnerabilities.

The Threat Landscape

Cyber crime has been making headline news for many years now, and as technologies advance we are reminded that keeping our devices and data secure is paramount. Yet cyber attacks continue to rise: year on year more businesses fall victim to cyber criminal activity, and the pandemic seems only to have accelerated this. According to IBM Security’s ‘Cost of a Data Breach Report 2021’, the UK saw the biggest increase in the average cost of a data breach from 2020 to 2021: $3.90m to $4.67m (+19.7%). As remote working becomes the new norm and businesses make huge adjustments to the way they operate, cyber criminals have capitalised on the change, with a small business being successfully hacked every 19 seconds.

In December 2021, a ransomware attack targeting the wholesale and IT service provider for SPAR left more than 300 stores nationwide affected. Because the company’s IT systems and email accounts were hit, many stores had to pause trading, or accept only cash payments, until the incident was resolved.

Additionally, an “unprecedented” cyber attack struck multiple UK-based VoIP service providers in October 2021. The attackers used a distributed denial-of-service (DDoS) attack, which floods a service with internet traffic in an attempt to knock it offline, and many VoIP providers were affected, including those that provide services for the police and NHS.

Some of the trends that we expect to see in 2022 include:

  • An increase in deepfake attacks (a rise of 43% since 2019).
  • Third-party risks (from a rise in supply-chain attacks from 2020-2021).
  • Hybrid working vulnerabilities.
  • A rise in malicious and dangerous apps.

What is Penetration Testing?

If you’re not a tech-head, one of the easiest ways to understand a penetration test is to imagine a fire drill at your place of work. Just as you perform fire drills to make sure your alarms work and your employees know the procedure, a penetration test is a ‘fire’ set in a controlled and authorised manner. A penetration test can be performed on virtually any system you operate, and its purpose is to identify existing vulnerabilities, so that they can be fixed, before cyber criminals find them. Tests can be performed on your website, network infrastructure, mobile apps, IoT devices, and even physical security through social engineering. Just like real cyber criminals, ethical hackers can manipulate your staff into handing over the information they need through phishing emails, telephone calls, or even a visit to your office premises.

The typical penetration test process includes:

  • The organisation agrees the scope and provides details of the in-scope systems; nothing outside that scope is tested.
  • Reconnaissance and scanning tools are then run against the in-scope systems to map services and candidate weaknesses.
  • Attacks are performed to confirm which weaknesses are genuinely exploitable and to gain access.
  • The ethical hacker then checks whether that access can be maintained and extended through the vulnerabilities discovered.
  • A full report is given to the organisation explaining the findings, their severity, and the recommended remediations.
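The steps above map onto a small harness: take the agreed scope, refuse to touch anything outside it, assess what was discovered, and rank the findings for the report. The following is an added example written for this page, not Mitigate Cyber’s tooling; the scope list, the discovered services and the three assessment rules are constructed for illustration (the addresses come from the RFC 5737 documentation ranges, and the Apache rule refers to the real CVE-2021-41773, which affects httpd 2.4.49).

```python
"""Scope-enforcing penetration-test harness: scope check, assessment rules,
ranked findings report. Added example; all sample data below is constructed."""
import ipaddress
import json
from dataclasses import dataclass, asdict

# Constructed in-scope list as a client would supply it: hosts or CIDR blocks.
SCOPE = ["203.0.113.0/24", "198.51.100.10"]

# Constructed discovery output as (host, port, banner). 192.0.2.9 is
# deliberately outside the agreed scope to show the filter refusing it.
DISCOVERED = [
    ("203.0.113.5", 23, "telnet"),
    ("203.0.113.7", 80, "Apache/2.4.49 (Unix)"),
    ("198.51.100.10", 443, "nginx"),
    ("192.0.2.9", 22, "SSH-2.0-OpenSSH_8.9"),
]

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    severity: str
    title: str
    evidence: str
    remediation: str


def parse_scope(entries):
    """Turn hosts and CIDR blocks into network objects; a bare host becomes a /32."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def in_scope(host, networks):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in networks)


def filter_targets(discovered, networks):
    """Drop anything outside the agreed scope before any active testing happens."""
    return [t for t in discovered if in_scope(t[0], networks)]


def assess(host, port, banner):
    """Three illustrative rules; a real engagement uses far richer checks."""
    findings = []
    if port == 23:
        findings.append(Finding(host, port, "high",
                                "Cleartext management service exposed",
                                f"port {port} banner {banner!r}",
                                "Disable telnet; use SSH with key-based authentication"))
    if "Apache/2.4.49" in banner:
        findings.append(Finding(host, port, "critical",
                                "Apache httpd 2.4.49 path traversal (CVE-2021-41773)",
                                banner, "Upgrade Apache httpd to 2.4.51 or later"))
    if any(ch.isdigit() for ch in banner):
        findings.append(Finding(host, port, "info",
                                "Service version disclosed in banner",
                                banner, "Suppress version strings (e.g. ServerTokens Prod)"))
    return findings


def build_report(findings, excluded):
    """Summarise counts per severity and list findings, most severe first."""
    summary = {sev: 0 for sev in SEVERITY_RANK}
    for f in findings:
        summary[f.severity] += 1
    ordered = sorted(findings, key=lambda f: (-SEVERITY_RANK[f.severity], f.host, f.port))
    return {"summary": summary,
            "out_of_scope_skipped": excluded,
            "findings": [asdict(f) for f in ordered]}


def run_engagement(scope_entries, discovered):
    """Scope -> filter -> assess -> report, the order the steps above describe."""
    networks = parse_scope(scope_entries)
    targets = filter_targets(discovered, networks)
    findings = []
    for host, port, banner in targets:
        findings.extend(assess(host, port, banner))
    return build_report(findings, len(discovered) - len(targets))


if __name__ == "__main__":
    print(json.dumps(run_engagement(SCOPE, DISCOVERED), indent=2))
```

The point of the scope filter sitting before any assessment is that an authorised test must never drift onto hosts the client did not sign off; the report records how many discovered hosts were skipped for exactly that reason, so the client can widen the scope in a later engagement if they want those covered.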


Performing regular penetration tests on your organisation’s systems provides many benefits in keeping your business secure. With over 10,000 high-severity vulnerabilities found in UK businesses each year, and with an average of 191 days for a business to detect a breach, it is more crucial than ever to ensure your business implements an effective cyber security strategy.

Periodic penetration testing will help your business:

  • Identify weaknesses in your network, cloud, website, apps, mobile, VoIP, database, Wi-Fi, and even physical space.
  • Act on the recommended security improvements to protect sensitive internal data, your clients’ data, and the infrastructure that supports it all.
  • Demonstrate compliance with security standards, including ISO 27001 and PCI DSS.

At Mitigate Cyber, we offer various penetration testing services performed by our team of CREST-certified ethical hackers. Simulated hacks are key to safeguarding your computer systems, your data, and your customers’ data. Our penetration tests must constantly evolve to counter emerging hacking strategies. We work with Lancaster University for committed support from a global network of security professionals, academia, auditors, and certification bodies.

In our ever-evolving digital world, it is imperative to ensure your systems are secure and running as they should be. For more information, or to speak to a Mitigate Cyber expert, get in touch.
