Case Studies

Penetration testing

by Mark Rowe

Penetration testing helped an insurer test its ability to protect its applications.

Collinson Group manages more than 20 million customers from 25 offices. Its products and services span loyalty solutions, lifestyle and airport lounge programmes, insurance and assistance services. It needs its systems to be secure, but it had no way of knowing whether its defences provided adequate protection. Penetration testing from IT Governance, a Cambridgeshire-based CREST member company, provided that.

Penetration testing consists of a simulated attack on a network or application to identify the vulnerabilities a cyber attacker can exploit. By identifying exploitable vulnerabilities, a penetration tester can provide guidance on specific risks and advice on how to fix these issues. Timing mattered to Collinson, as the company wanted to fit the tests into a tight window between a project being completed and going live.

Ian Kilpatrick, group information security officer at Collinson Group, said: “IT Governance combines the delivery of real insights with a cost-effective service rather than just repackaging the results of using a vulnerability scanner.”

The penetration tests led to advice that allowed Collinson to respond to threats it faced. Ian Kilpatrick described the reports as helpful and accessible. He said: “As a sophisticated buyer, I’m more interested in the pay dirt of what was found and whether I have enough information in the report to translate that into a change request for my development teams. What really matters to me is that the findings in the report can be actionable.

“We see people offering pen tests at vastly different prices – both cheaper than IT Governance and more expensive. IT Governance combines the delivery of real insights with a cost-effective service rather than just repackaging the results of using a vulnerability scanner.”

Alan Calder, founder and executive chairman of IT Governance, is among the afternoon speakers at the ‘Future of Cyber Security Manchester’, talking about ‘cyber security health checks to initiate a GDPR, NIS Directive or ISO 27001 compliance project’. The event, on September 14, runs at Manchester United Football Club. For the full day’s agenda visit http://cybermanchester.events/programme.


© 2024 Professional Security Magazine. All rights reserved.
