Penetration Testing

Why Do Media Companies Look Like Gold Mines to Cyberattacks? 

Penetration Testing at David J. Peck and Associates

Media companies are some of the most visible targets on the cyber threat landscape, and there are several reasons why criminals seek to take advantage of them. Using Intellectual Property Rights for Ransomware. 

Intellectual property thefts are a persistent problem across multiple industries. Controlling when and how content gets released to the public is a prime objective of media companies.  Without full control over the timing of their releases, it is impossible to leverage the sense of suspense created when they whet the appetites of their audiences. 

Cybercriminals know this, and they can use ransomware to control computers that hold intellectual property, preventing workers at the company from accessing it, releasing it, and even editing it. 

This form of penetration testing is focused on applications and processes at the DJPaA machine and user level to expose gaps and vulnerabilities that may exist for hackers to penetrate your networks.  

Routine Penetration Testing is highly recommended for organizations of all sizes to ensure their external and internal networks, applications (web and mobile), and facilities are as secure as possible. Our team will begin with a Vulnerability Assessment, including manually validating discovered vulnerabilities, then move to Penetration Testing by attempting to exploit them while taking a “no harm” approach. DJPaA leverages the NIST and SANS  Penetration Testing methodologies.

The Types of Vulnerabilities Typically Detected by This Testing Include:

  • Microsoft Windows, Linux, and Unix operating system vulnerabilities and patches

  • Known and published host application and service vulnerabilities, such as Apache, Microsoft Internet Information Services (IIS), IBM WebSphere, etc.

  • Simple Mail Transfer Protocol (SMTP) email servers

  • Remote access services, such as SSH, Telnet, RDP

  • Other servers, such as NTP, FTP, SSL wrappers, etc.

  • Network device vulnerabilities, such as firewalls, VPNs, routers

  • Thousands of other vulnerabilities Automated tools can greatly assist in reducing work effort and costs associated with repetitive and time-consuming tasks, but manual techniques and analysis are also performed in each step to have the greatest understanding of your environment. Manual validation of findings reduces false positives; manual vulnerability testing reduces false negatives. False positives on a report lead to wasted effort in remediation. False negatives can expose an organization to risk of intrusion.

  • "His record of corporate successes in a highly competitive cybersecurity environment speaks for itself."

    -Timothy M. Opsitnick

  • " In particular, he provided the core capability we needed to execute a recent cybersecurity assessment for the U.S. Department of Energy (DOE)."

    -Ranson J. Ricks

  • "David has impressed me with his ability to maintain a high degree of security knowledge in a field that is constantly changing."

    -Timothy M. Opsitnick