Implementace etického hackingu v podniku

Abstract

Cybersecurity is becoming a critical topic even for small businesses, which face similar threats as large organizations but often lack adequate protection. One of the effective preventive tools is ethical hacking, which enables the simulation of attacks and timely identification of vulnerabilities. The aim of this thesis was to implement ethical hacking in a selected company and thereby contribute to improving its level of cybersecurity. An initial GAP analysis revealed key weaknesses in employee training, password management, and technical security. Based on these findings, three penetration tests were designed and carried out using the PTES methodology. Specifically, the tests included phishing, USB baiting, and password cracking. The testing revealed concrete security gaps: employees responded to fraudulent emails, executed an unknown file from a USB device, and used easily crackable passwords. Based on the results, corrective measures were proposed, and all findings were subsequently presented to the company’s management. The thesis thus fulfilled its objective, as ethical hacking was successfully and safely implemented within the company. Furthermore, the work confirmed that ethical hacking can be effectively applied even in small businesses and that the PTES methodology is fully suitable for such an environment.