Internal penetraion testing
Hack attacks can come from anywhere, including disgruntled employees or other users you give access to your systems. Ultimately the end goal is the same as an external penetration test, but the starting point assumes some network access already.
Our user-privileged or internal pen test simulates an employee or other user in your system such as a low-level user on your web server. It will be performed from the perspective of both an authenticated and non-authenticated user to make sure the network is critically assessed for both the potential exploit of a rogue internal user, and an real world attack.
Misconfigured systems can permit employees access to confidential information such as employment contracts of other staff on your network or shared drives.
Keeping employee and user rights locked down along with strict password and remote access policies will protect your business from internal threats.
Also, with GDPR in mind, you will also be checking the potential for users to access and leak any confidential, sensitive or personally identifiable information (PII).