
Penetration Testing – An Ally for Your IT Support and Development Teams

  • Writer: Joseph Rapley
  • Jul 8

Updated: Jul 8

Many Kiwi businesses assume their IT provider handles all aspects of security. But penetration testing, a specialised service performed by ethical hackers, is a different practice that works alongside your MSP to uncover vulnerabilities that regular security controls may miss. It’s about collaboration: an adjacent layer of expertise double-checking that your defences actually work. This article explains how penetration testing supports MSPs, developers, and SMBs across New Zealand.

Team collaboration

What Pen Testing Adds That MSPs Don’t

MSPs focus on keeping your systems running: patching, backups, antivirus, and account management. Pen testing, on the other hand, is a controlled attempt to break into your systems to find real-world weaknesses. It safely simulates what a hacker might do and shows what damage could occur if a real attacker exploited the vulnerability.

Most MSPs don’t offer penetration testing. It requires a different skill set and approach. While MSPs might run basic scans, a penetration test goes deeper and tries to safely exploit potential vulnerabilities, not just list them. This hands-on method finds things that scanners miss and is often recommended in frameworks like NZISM and ISO 27001.


Not a Rival – A Partner

Pen testers don’t replace MSPs; they work with them. A good test provides a list of issues, and the MSP steps in to fix them. Things like patching, tightening firewall rules, or improving account controls are core MSP tasks. In this way, pen testing supports your MSP by showing where improvements are needed.

Some MSPs already partner with external testers or resell testing services. This lets them expand their offering while ensuring you get true specialist insight. Think of your MSP as your GP and a pen tester as a specialist you call in for a deeper check-up.

Example: A mid-sized Auckland law firm hired a tester, who found serious flaws allowing access to email systems. The MSP and internal IT team fixed the issues. The result: stronger security and better peace of mind, all thanks to the collaboration.

Similar gains are seen across industries. A Christchurch accounting firm discovered an open remote desktop port. A Wellington real estate agency found an exposed admin page. In each case, the MSP resolved the issue, and the business was safer as a result.


Supporting Developers Too

Pen testing also helps developers. They’re focused on building features, not always on defending them. A pen tester looks at your web apps and software from an attacker’s point of view. This can uncover things like access control issues, injection flaws, or misconfigurations.

It’s not about catching the dev team out; it’s about improving the software before clients rely on it. Developers often find pen testing sharpens their security thinking and helps them improve future builds.

Example: A client portal was tested before launch. The tester found a bug allowing users to see each other’s documents. The dev team fixed it, and the business avoided a potential privacy breach. Everyone benefited.


For Kiwi SMBs, It’s About Confidence

Professional services like legal, accounting, and real estate hold sensitive data and are often responsible for large sums of money on behalf of their clients. Your clients trust you to keep it safe. Adding penetration testing to your IT process shows you’re serious about security. It gives you and your MSP or developers the confidence that your setup is holding up under pressure.

Pen testing fits into a healthy IT cycle: test, fix, verify, improve. It creates a feedback loop that strengthens your environment and improves how your team works. It also helps meet compliance expectations in NZISM, ISO 27001, and the Privacy Act.

Penetration testing isn’t a critique of your IT setup; it’s a quality check. It supports your MSP, sharpens your developers, and protects your business. For small New Zealand businesses, it’s a practical, collaborative way to stay ahead of cyber threats.

If you have an MSP or in-house team, consider adding independent testing to the mix. Work to collaborate, build trust, improve security, and show your clients that their data is in safe hands.

 
 