Security Talk with a Senior Security Consultant, Iskandar from LOGIQUE

It seems like we need to start raising awareness among business owners, organizations, and institutions about the importance of penetration tests or security audits.

I'm not familiar with those terms. Could you explain what a penetration test or security audit is?

Penetration tests are audit activities that simulate cyber attacks, usually conducted by cybercrime experts, against a system.

So, it's like a real cyber attack?

Yes, through these tests, we can identify security vulnerabilities in the targeted system and be better prepared for actual cyber attacks.

Is it really necessary to do this?

With the continuous advancement of technology, cyber attack techniques are also evolving. Carrying out regular penetration tests are crucial to ensure that the existing security measures in a system are up to date and capable of handling the growing number of cyber threats.

We have received numerous requests to help companies conduct penetration tests.

LOGIQUE can provide penetration testing and security audit services with experienced and certified consultants in the field of cybersecurity.

Oh, Can you tell me more about penetration tests? I'm curious to know if LOGIQUE has any special or unique aspects in their service compared to other companies.

As Iskandar mentioned LOGIQUE carries out penetration tests by internationally certificated pen-testers. This ensures that the report and testing procedures adhere to well established standards. In terms of pricing, we believe it’s quite reasonable.

LOGIQUE has an accomplished development team that consists of back-end developers, front-end developers, devops specialists, and more. In situations where clients require technical advice to address identified security vulnerabilities, our dedicated technical team at LOGIQUE is readily available to provide assistance.

Can you give me a rough idea how much it would cost?

The cost can vary significantly depending on the scope and type of pen-test conducted. We would need to determine the target object for the test, such as a website, mobile application, network, or other systems. Additionally, the decision between a black box test or a gray box test will also be considered, as these factors influence the overall cost.

However, to provide you with a rough estimate, the price for conducting a pen-test on a simple corporate website would be approximately 30 - 40 million Indonesian Rupiah. It is worth noting that other security agencies may charge over 100 million for a similar scope of work.

Sounds good. Can you explain a bit more about black box test and gray box test?

There are two types of methods used in penetration testing: black box tests and gray box tests. In a black box test, the tester has no prior knowledge of the system being tested, including its infrastructure or source code. The tester assumes the role of a hacker and attempts to exploit the system to identify potential vulnerabilities.

On the other hand, a gray box test is conducted with some knowledge about the system, such as network configuration and basic information. This method reflects a more realistic scenario where attackers may have limited access to the target system. Gray box tests can also simulate insider threats, such as cases where employees lack knowledge about digital threats or intentional insider actions.

The price may vary depending on the specific type of test required ya?

yes, it does. No worries, once we have a clear understanding of the situation and your requirements, we will be sure to provide you with appropriate suggestions and recommendations.

Ok, sounds not very difficult to be secured. But That’s it? or are there anything else a company should consider regarding cyber security or penetration test?

It is indeed not difficult for a client. But on the other hand it is important to have a right understanding that regular assessment / regular penetration test should be carried out.

From me, I’d suggest considering not only penetration tests but also implementing a phishing simulation tool (Cywareness).

What is the phishing simulation tool?

The Cywareness phishing simulation tool is a comprehensive solution designed to assess and enhance employee security awareness and readiness against phishing attacks. It enables companies to send realistic simulated phishing emails to employees and monitor their responses. By using Cywareness, companies can identify potential weaknesses in their employees' ability to detect and prevent phishing attacks and provide appropriate training.

Is this tool required by the company?

Sure. We have been receiving considerable interest in phishing simulation as well. The potential risks and consequences associated with phishing attacks can be substantial. Hence, we strongly recommend prioritizing the enhancement of employees' literacy regarding phishing fraud. Cywareness serves as an excellent tool to address this need.

Absolutely! By combining penetration testing with the Cywareness phishing simulation tool, companies can establish a more comprehensive cybersecurity enhancement strategy.

Thank you for the explanation. I now understand the importance of conducting penetration tests and implementing phishing simulation tools for companies.

You're welcome. Remember, it's crucial for companies to stay vigilant and consistently implement security measures to protect themselves from phishing attacks and other cyber threats.

If you have any further questions or need assistance with penetration testing, feel free to contact LOGIQUE. We're always ready to help.