Non-Functional Testing

Whether it’s your cloud-based voice service at home or personal computers in the office, technology is heavily relied on but with little consideration of the consequences of when things go wrong. Over the past year, businesses have had to adapt to the new terrain of home-working, prioritising the movement of office-based staff and essential technology with as little disruption as possible to clients, customers and employees. As such, many organisations have become wary of the potential disruption caused by carrying out non-functional tests including Disaster Recovery, Business Continuity, Load, Penetration and Red Team testing. However, all of these tests are critical to understanding the health of the technology that underpins an organisation. Therefore, the following blog defines four essential testing practices and explains why you need to integrate them into your business strategy.

Technologies and IT systems are continually changing and so are their protection plans however, many organisations neglect relevant testing due to its time-consuming nature. It is important to consider how the pandemic has changed business functions and how to return to regular testing practice.

Remember - the only way to know if a plan will work is to test it.

Disaster Recovery & Business Continuity

So, what is Disaster Recovery (DR) and Business Continuity (BC)? These practices involve putting a plan or plans in place that will enable the recovery or continuation of vital technology infrastructure, systems, relocation of people and continuation of services following a disaster.

The phrase disaster can cover several things but, in this context, we refer to: natural risks such as floods and other environmental issues, pandemics, technological risks including hardware or software failure, human-induced risks such as cyber-attacks and vandalism. Effects of such disasters range from minor downtime in your IT systems to data loss, total business shutdown or even major damage to your business reputation/valuation and revenue.

With much emphasis placed on the development of a DR or BC plan, many organisations forget that ongoing testing and improvement is all part of effective planning. Equally, DR and BC plans can be complex, so performing tests not only ensures that the plan will work but also can help the organisation understand exactly what action each employee should take during future disaster scenarios.

Although many organisations have a regulatory commitment to DR and BC, as mentioned above, much of this has been put on the back burner whilst businesses navigate the new terrain created by the pandemic. Some businesses even believe that the pandemic is the best possible way to have tested their plans rather than prior DR tests… who would have thought we’d ever be in a position to put those pandemic plans to good use eh? A point to note is that what applied at the beginning of the pandemic will most likely be very different now therefore, businesses should consider how planned actions quickly change during real events and get back to regular testing before they occur.

Regardless of size or industry, when inevitable and unpredictable events take place harming daily operations, your organisation must recover quickly whilst ensuring that disruptions go unnoticed by your clients and customers. So, ask yourself, how prepared is your business for a disastrous event?

Load Testing

Load Testing also referred to as Capacity Testing, is the simulation of a specific and expected demand on a system or application and the measurement of its performance. It determines how systems function under normal and heightened conditions such as a Distributed Denial of Service attack (DDoS) or being accessed by a heavy number of simultaneous users over a certain amount of time. It is conducted to understand systems maximum operating capacity and prevent future system failures.

According to studies and surveys performed by IT industry analyst firms, for every hour of IT system downtime thousands of pounds are lost reaching between approximately £60,000 and £730,000, with financial services leading the list of high rates of revenue loss during IT downtime. Hence, performing regular Load tests can not only aid the scalability of the system and minimise risks of downtime and but also reduce the significant costs of failure.

Penetration Testing

Penetration Testing or Pen Testing is a simulated cyberattack performed by authorised professional hackers to uncover exploitable vulnerabilities within your organisation’s networks and applications. Essentially, it is an evaluation of the security of your computer systems so that you can identify and eliminate the weaknesses and stay ahead of the malicious attackers. As such, findings from the Pen Test will be shared with your security team and can be used to upgrade the security measures that your business has missed out on. Common findings include encryption and authentication flaws, code and command injection and configuration errors.

Insights provided by Positive Technologies research shows that 93% of Pen Testers succeeded in breaching the local networks of the organisations tested, needing only 30 minutes to do so. This highlights the importance of ensuring that your organisation regularly performs Pen Tests so that you can keep your network and systems safe from hackers. When did your business last perform a Pen Test?

Red Team Assessment

A Red Team Assessment is similar to Penetration Testing mentioned above however it is much more targeted. Unlike Pen Testing, the goal of the Red Team Assessment is to test an organisations detection and response capabilities rather than identify vulnerabilities. In most cases, having already completed a Pen Test and eradicated most vulnerabilities, Red Teams form a secondary assessment and try to attack the system again.

But what are Red Teams? They are independent security professionals who are experts at attacking systems and breaking down defences. They act as an enemy and dig deep into your security systems to fully understand the level of risk to genuine cyber-attacks and the effectiveness of your existing defence response.

With cyber threats increasing at an unprecedented rate, it is essential to carry out thorough and regular Red Team Assessments on your systems before the hacker’s attack. Advantages of this include identification of potential disruptions to business continuity and guidance on future security investments.

Conclusion

Overall, we know that non-functional testing may cause some disruption to business processes but if you do not understand the impact of a disastrous event or the weakness within your systems, will your organisation know how to overcome future inevitable challenges and, perhaps most importantly, will your employees know what actions to take?

If you have concerns that your testing programme is behind schedule and would like to understand how you can get back on track then please get in touch with the team at Navos on 01454 603 246 or fill out our contact form. We have personal experience of conducting the tests above during major times of disruption and guide your business through non-functional testing within the new terrain created by the pandemic.