Here’s a crash course in the mysterious, frightening, sometimes arcane, but absolutely vital world of penetration testing. Cyberattacks cost Canadian companies billions of dollars each year in cleanup costs. So why aren’t more of them trying to prevent breaches in the first place?
Jason McBride wrote a 9-page article for The Globe and Mail’s Report on Business Magazine on the importance of proactive penetration testing. Penetration testing is the best way for organizations to test the strength of their cyber security against cyber crooks.
Before launching Cypfer a year ago, Tobok ran Digital Wyzdom—which by 2013, he says, was the largest private forensic company in Canada. After Telus bought it out, Tobok spent three years running Telus’s national security team before striking out again on his own. Cypfer bills itself as “the elite force of global cybersecurity” and, accordingly, Tobok has stacked it with seasoned ex-cops and former military personnel—among them, Gene McLean, a member of the Security Intelligence Review Committee (the CSIS watchdog); and Nicholas Scheurkogel, former head of cyberintelligence capabilities at the Department of National Defence. The company’s clients have included Bombardier, Cisco and the Bank of Canada.
When I first visited Cypfer’s offices at Yonge and Eglinton in early spring, its 20-some investigators had been working around the clock to repair the damage caused by six separate data breaches across the country. (The company usually does between 25 and 30 investigations a month.) But aside from a pizza box in the boardroom, the eerie silence (most staff had gone home to rest) and the fact that the company’s exhausted VP of forensics, a former detective sergeant with the OPP’s high-tech crime unit named Bernard Miedema, had traded in his customary suit for an open-collar shirt and chinos, there was little evidence of the day’s labour. The office was impeccably clean, quiet and orderly, an almost nondescript study in dove grey and frosted glass. Even the forensic lab—the nerve centre of the operation, equipped with a dozen computers (none of them connected to the Internet) and littered with Cellebrite mobile forensic devices, write blockers (hard drives, essentially) covered with yellow evidence stickers, and other expensive, arcane gadgets—had a serene ambience that was more Mister Rogers than Mr. Robot. To the untrained eye, only the biometric handprint lock that kept the room secure and a ceiling-mounted siren light, which glows orange when visitors are around, suggested the room was anything more than an IT-department supply closet.