Beyond the Annual Check: The Case for Continuous Pen Testing and Vulnerability Scanning

Do you know what an attacker sees when they look at your business?

In 2025 a 158-year-old business went out of business leaving 700 employees without a job.  This is a business that survived recessions, wars, government changes and technological advances but was brought down by something as trivial as a weak password.

That one password allowed attackers to deploy a devastating ransomware attack against the company that not only encrypted their entire digital estate but also destroyed backups and disaster recovery systems meaning the company could not recover from the attack and was forced to close its doors.

Ransomware attacks have exploded globally and most of these attacks beginning with simple vulnerabilities such as weak password or unpatched software.  37% of companies hit by ransomware having fewer than 100 employees because attackers know that small businesses often do not have dedicated security people or the skills to ensure proper cyber hygiene practices are implemented and enforced making them easy targets with 27% of small businesses having no cyber security protections at all!  A recent survey suggested that 75% of small businesses could not continue to operate if they were hit with a ransomware attack with the costs of recovery and the disruption to services being more than they could withstand.

“If you’re reading this it means the internal infrastructure of your company is fully or partially dead… Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue”.

That was the devastating ransom note received from the attackers.  They wanted £5 million, an amount too great for the business even if it wanted to pay.  The average ransom demand is around £750,000 in 2025 but there are downsides if you have the means to pay and choose to do so.  80% of businesses who pay a ransomware demand are attacked again soon after and 46% of them got access to their data but most of it was corrupted beyond recovery.  Increasingly, ransomware attacks include a second level of extortion, whether you pay the ransom to recover your data, the attackers have also copied it to their systems and demand more money, or they will release it.

In this case the business had cyber security in place that complied with industry standards, or at least they thought they had as the breached account was missing several key security features that could have helped stop the attackers gaining access.

This highlights the important of having systems in place that allow you to see some of what attackers might see when they turn their eye to your business.  Conducting regular penetration testing and vulnerability scanning can help to show you that information and give you a chance to fix problems before they are discovered by malicious attacker.

If you would like to know more about how RTS services can have information like this delivered to your inbox monthly to help you keep the cyber predators at bay, get in touch today!