Ethical hacking
Cybersecurity
Zero trust: trust nothing and no-one
Zero-trust security turns the logic you know on its head. Everything and everyone is suspect, including your internal traffic and your own employees. Block everything by default and allow only what is strictly needed. The best approach is to draw up a security plan based on the worst-case scenario. Your greatest challenge is to think carefully about which of your employees should have access, on which device, and to which networks, applications and data.
5G: enormous opportunities but extra attention is needed on security
By 2024, up to 40% of all data traffic is likely to be transmitted over 5G at speeds of up to 10 GB/second. Technology makes our lives easier and opens the door to new business applications but also to cyber threats such as infected data packets and corporate espionage. The best way to counter this is to dramatically increase your security and monitoring levels.
Increase in threats via the cloud
In 2020, the cloud really became the way to go to ensure the continuity of your business. This rapid migration to the cloud also brings new security challenges. What threats do you need to watch out for in 2021? Poorly configured cloud storage, reduced visibility and control over your data, and vulnerable cloud applications and infrastructure.
“Ethical hacking is indispensable in a good security strategy for SMEs as well.”
Davinsi Labs is a Proximus Accelerator and helps companies achieve Digital Service Excellence through specialised Security Intelligence and Service Intelligence solutions. In today's digital world, customers expect their data to be managed with the utmost security and they want a fast, flawless customer experience. As a Managed Services Provider, Davinsi Labs offers a portfolio of solutions to achieve Digital Service Excellence for the most business-critical applications and services.
ETHICAL HACKING IN 3 STEPS
1. Clear agreements are made about what exactly is to be tested.
2. The penetration test(s) are started. All functionalities of an application are scrutinized.
3. A detailed report documents all findings: what impact they have and how likely the business applications are to be exploited. When it comes to critical vulnerabilities, we are contacted immediately and can guide the client to a quick solution.
THE 13 SECURITY RISKS FOR 2021
2020 was the year of corona and hybrid working. But also the year of phishing and ransomware, because cybercriminals found huge gaps in home network security. The healthcare crisis is therefore defining the security landscape of 2021.
5 questions on ethical hacking
1. WHAT IS ETHICAL HACKING?
"Ethical hackers look for the security holes in websites, mobile applications, and (wireless) corporate networks," explains Sander Van der Borght, ethical hacker at Davinsi Labs. "We use the same tools and techniques as malicious hackers and report any vulnerabilities we find. We also run phishing campaigns to build and measure user awareness. End users remain a very vulnerable link. In this way, we help companies to protect themselves against hackers with bad intentions."
2. SECURITY SCANNERS OR ETHICAL HACKING?
"The human brain still reasons better than a computer and can think out-of-the-box," explained Sander. "Automatic scanners do not take the operation or context of an application into account. They are an added value because they can scan many assets and large volumes in a short time. However, they provide no guarantee about the quality and depth of the results. For example, we might find a vulnerability that allows us to create a user with more rights than originally allowed. Or we are able to look into orders or invoices of other people. These types of vulnerabilities are very serious and are called business logic vulnerabilities. A scanner does not find these kinds of vulnerabilities and as a result a lot of things stay under the radar. If you want to be compliant, you need to have penetration testing done."
3. WHEN IS IT BEST TO HAVE YOUR COMPANY ETHICALLY HACKED?
Sander: "One test unfortunately does not give a conclusive guarantee that your policy is foolproof. Hackers invent new tools and techniques every day. So what is secure today may have a critical vulnerability tomorrow. It is therefore important to do penetration testing regularly. It is best to start early in the development phase to have the code of your application tested and then preferably at each major change (of code and/or infrastructure). This way, you can solve problems before they occur."
Proximus investigated cybersecurity in 122 Belgian SMEs
of businesses are worried about possible attacks
were the victim of a cyberattack in 2019
of the attacks occurred via phishing
Ethical hackers use the same techniques as rogue hackers to expose and repair vulnerabilities in your cybersecurity. Sander Van der Borght and Stephen Corbiaux, ethical hackers at Davinsi Labs, explain.
4. WHAT ABOUT NEW TECHNOLOGIES?
"New technologies are no harder to hack than existing ones," says Stephen Corbiaux, ethical hacker and Solution Lead Vulnerability Management at Davinsi Labs. "Software continues to be developed by people and people make mistakes. The fact that the top ten threats from ten years ago are still burning today says it all. But if there is one category that is hugely vulnerable, it is IoT. It is impossible to put a number on poorly secured devices and devices that do not get security updates after two to three years."
5. CAN ONLY LARGE COMPANIES ARRANGE TO BE HACKED?
Stephen: "No, ethical hacking is indispensable in a good security strategy for SMEs as well. As a first step, we look at the crown jewels and infrastructure that are online. When an organization has sufficient security maturity in its external environment, internal assets are tested. This can be done through customized penetration testing, even for the smallest infrastructure or application."