Frequently Asked Questions

Early prevention is paramount in security, as the average cost of a security or data breach is in the millions. By masquerading as real attackers and using all the same techniques as they do, we can find and suggest mitigations for critical vulnerabilities in your systems and networks before the bad guys can.

Yes! Bad actors can have many different motivations, even if they aren't specifically targeted towards you on a personal level. Some common reasons for attackers to commit cybercrimes are: corporate espionage, disgruntled employee retaliation, activism, boredom and wanting to break things, or simply to try to make a profit by stealing your money or selling your data.

Unfortunately not. The world of cybersecurity is a rapidly evolving environment where new vulnerabilities are discovered and exploited every hour of every day. This means that even when we finish our tests and recommend fixes, an attacker might find a brand new way to exploit a system. This is why recurring security audits are critical to maintaining security.

A good rule of thumb is to perform a re-test of your security once a year at minimum, or sooner if your company has had a major change (e.g., you set up a new website, you had major server upgrades, etc.). Some companies are even subject to specific requirements such as HIPAA, PCI-DSS, and SOX that have defined frequencies of recurring penetration tests.