Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

July 2, 2026

NCSC Shares Tips on How to Make a Pen Tester’s Job Harder

July 2, 2026

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

July 2, 2026
Facebook X (Twitter) Instagram
Thursday, July 2
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»NCSC Shares Tips on How to Make a Pen Tester’s Job Harder
News

NCSC Shares Tips on How to Make a Pen Tester’s Job Harder

Team-CWDBy Team-CWDJuly 2, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Secure-by-design systems, segmented networks, and logging and monitoring are among the best ways to defeat cyber adversaries, according to penetration testers.

That is according to the National Cyber Security Centre (NCSC), which explained in a blog post published on July 1, that it asked a group of pen testers it works with: “What can organizations do to make your job harder?”

Their responses could help security teams to improve the resilience of their systems to compromise.

Read more on pen testing: Trust in Automated AI Vulnerability Scanning Collapses to 9%, New Study Finds.

The pen testers quizzed by the NCSC said secure by design systems are a must because they make attacks more difficult to carry out, and ensure any discovered vulnerabilities are easier to remediate.

According to the NCSC, secure by design means:

  • Using threat modelling during the development process
  • Mandating strong authentication (phishing-resistant multi-factor authentication) for privileged users, which is opt out
  • Changing default passwords in tools
  • Validating input data as early as possible, and handling errors in a clear and secure way
  • Securely storing credentials and avoiding hard-coded credentials in the software
  • Protecting sensitive data at rest and in transit, if there’s a risk of unauthorized access

Segmenting and Logging

Pen testers also hate network segmentation, which could be achieved through high-level network design, the use of VLANs or firewalls, or management of users or groups with separate accounts for different network areas.

OT systems should be separated from IT networks, to prevent lateral movement and avoid loss of availability.

“Segmentation is not just about separating IT from OT; it is about controlling what crosses that boundary. Cross-domain thinking helps define zones of trust and tightly manage data flows between them,” the NCSC continued.

“Secure OT connectivity should minimize exposed connections, standardize access routes, and harden boundaries, while privileged access workstations (PAWs) provide trusted devices for privileged administration, reducing shortcuts and making lateral movement harder.”

Finally, good quality logging, monitoring and investigation makes a pen tester’s (and therefore a malicious hacker’s) job harder.

“We can’t stress enough that even the best logging and monitoring capability is useless unless an organization collects the right data, and responds to that data in the right way,” the NCSC concluded. “Make sure that alerts are properly investigated, and that incident response plans are built, regularly communicated, and exercised with your teams.”



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleAmazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
Next Article Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
Team-CWD
  • Website

Related Posts

News

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

July 2, 2026
News

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

July 2, 2026
News

Insurance Giant Aflac Discloses Data Breach Impacting Millions

July 2, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

A phishing attack that doesn’t steal your password

June 15, 2026

What to consider before asking an AI chatbot for health advice

May 27, 2026

A quick guide to recovering a hacked account

March 21, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.