Anyone with a computer and an Internet connection nowadays can set themselves up as a penetration testing or cyber incident response service provider. This could include organisations that do not have in place strong policies, processes and procedures to ensure quality of service and protection of client based information. The individuals employed by these organisations may have no demonstrable skill, knowledge or competence, but hold an impressive CV.
Nevertheless, penetration testing is an important activity – from the perspective of your organization’s security as well as compliance with existing laws and regulations. To ensure that a penetration test simulates a real-life attack in IT/OT, many organizations prefer availing services of an independent, 3rd party service provider. To choose a particular penetration testing service provider with proven records in operational technology (OT) is indeed a difficult task taken in consideration price, quality and scalability.
After months of preparation and hard work, I am pleased to announce that Applied Risk has received CREST accreditation and membership in EMEA (Europe, the Middle East and Africa). This recognition not only ensures assurance of quality across all testing activities, but sets the standard to the highest level.
What is a CREST accreditation?
CREST is a not-for-profit organisation that represents the technical information security industry, particularly penetration testing, cyber security incident response and security architecture services. CREST offers public and private sector organisations a level of assurance that the technical security advisors they appoint are competent, qualified and professional with current knowledge. It also ensures that the companies they engage with have the appropriate processes and controls in place to protect sensitive client-based information. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence and Security Operations Centre (SOC) services.
Applied Risk’s accreditation for its penetration testing services has incredible benefits for customers and significant implications for Applied Risk in the Industrial cybersecurity services market at large.
What are the implications for Applied Risk’s customers and prospects?
- Demonstratable level of assurance of processes and procedures of member organization
- Validate knowledge, skill and competence, of information security professionals
- Promotion of the importance of technical security testing with OT environment for asset owners, vendors and practitioners.
As OT environments are more sensitive than traditional IT environments, technical security testing that could potentially be damaging should be planned and undertaken with a high degree of caution. The ‘mission-critical’ nature of the devices in OT environments requires a different approach, but not one that is so impoverished that it provides little value or assurance about the strength of measures to mitigate potential attacks.
If you need assistance securing your OT infrastructure, speak to one of our industrial cyber security professionals or read more about our OT Penetration Testing services.
Or to develop your own knowledge and skills in the latest growing OT penetration testing techniques, experience specialised educational courses, such as the Advanced ICS/SCADA Hacking Training presented by our offensive security team.