One of a company’s worst nightmares goes a little something like this.

An employee boots up their computer at the beginning of the work day. A couple of minutes into work they get an email from someone who seems to be a coworker. They click the link without thinking, and a message flashes onto their screen:

“Your files have been encrypted. You have 24 hours to pay a fine of $500. If you do not pay the fine, your files will be permanently encrypted.”

Yesterday, for several companies across Europe and Asia and even in the United States, that nightmare became a reality.

In previous blog posts, we’ve talked a lot about how important it is to be aware of how secure your firewall really is. But you may be wondering one thing: what does it even mean to be “security aware?”

So you have a Nigerian prince in your emails who seems nice enough. He’s never been anything but polite, and from the looks of it, he has had a rough time lately. As it turns out, being a prince is not as lucrative as it sounds. He just needs $12,000 from you to make it all better.

You know how this story ends. You laugh it off because you know it’s a scam – you don’t know this guy, why would you ever give him money?

But what happens when someone you do know emails you out of the blue, needing some cash? Or if a coworker asks for access to a file? Or if someone you’re pretty sure you know sends you a link that you just have to click?

Reports of hacking bank information, dating websites and even the 2016 presidential campaign have not only contributed to high levels of paranoia for businesses but driven them to consider testing their own networks and firewalls for any possible security breaches.

The only problem is choosing between doing PEN testing, vulnerability testing or both.

Making the choice can be difficult for organizations unversed in the differences between the two tests. PEN testing and vulnerability testing have been mistakenly labeled as the same because of some conflicting reports and marketing missteps.

Lately, political parties and governments have been serious victims of cyber-attacks.  These cyber hacks have affected millions of federal employee’s productivity in their work and have affected many outcomes of governments, such as voting results.

What is the cause for this?  The problem lies in the systems; they were built decades ago and as a result they are obsolete. Legacy systems are troublesome because they are out of date. Some legacy systems go back a half a century and cannot implement network defenses as a basic as encryption.