Why Every Organization Needs A Pentest
2017 was a year in which the world witnessed more security breaches than the year prior. In December, the Identity Theft Resource Center (ITRC) reported a total of 1,293 data breaches that compromised a combined total of more than 170 million records, an increase of 45% from 2016. With 2018 coming to a close, it has been a banner year for cyber criminals: another year of high-profile corporate breaches, with the trend continuing to increase.
Notable 2018 Security Breaches
Finding out the hard way that customer records have been accessed and/or stolen is a nightmare. One example is the LifeLock security breach. You may be familiar with LifeLock, a renowned identity theft protection organization. In July 2018, LifeLock reported that millions of its customer email addresses were exposed through a security flaw in its website, lifelock.com. The security breach was enough for LifeLock to take its website offline.
On August 3rd, a misconfigured website was the root cause of a major credit card issuer, TCM Bank, exposing the names, addresses, dates of birth, and social security numbers of 10,000 people who applied for credit cards between March 2017 and July 2018. The company chose to mail all customers affected.
Eastern Maine Community College (EMCC)
Just a few weeks later, on August 17th, Eastern Maine Community College reported that the organization was compromised after a vicious malware attack. Those affected were students and alumni who attended the school between 1998 and 2018, and workers who were employed at EMCC between 2008 and 2018. EMCC reported that usernames, names, passwords, addresses, social security numbers, and dates of birth of 42,000 people may have been accessed.
Those are just three breaches out of thousands in 2018. With that said, there is a lot at stake in protecting not only customer data but your employee data as well. Employees keep the company going, so their security is just as important as the customer's. An organization should be conducting regular security audits and penetration tests of company assets. Don’t think of it as just a check in the box, or a way to stay out of media headlines. Security should be taken seriously by every employee; it is not just the responsibility of a security team or the IT department. Everyone has a role to play.
Why Every Company Needs To Conduct Security Audits
A penetration test is an authorized simulation or war game against an organization’s computer systems and networks, otherwise known as assets. The test is performed to identify weaknesses, including the potential for unauthorized access, data theft, and much more. A penetration test identifies not only weaknesses but strengths as well; it is also important to know what the team is doing correctly. A penetration test or security audit offers insight into what can be exploited and where policy, architecture, and configuration can be improved.
Knowing Your Weakness
There are many benefits to having a security audit performed. Knowing your weaknesses before the criminals do is a high-risk cat-and-mouse game. The stakes are high when it comes to financial or customer data in every organization. Every piece of sensitive data holds some value for a criminal to know or hold. Every organization is a target, but knowing your vulnerabilities makes the organization a more battle-hardened target to attack.
Compliance With Regulation
Penetration tests and security audits play a crucial role in establishing compliance with regulation. Regular testing can help a company meet security standards such as PCI, HIPAA, and ISO 27001, and avoid the hefty fines regulators impose if the organization is found not to be in compliance. As an example, the PCI-DSS (Payment Card Industry Data Security Standard) requires organizations that handle large volumes of transactions to conduct both annual and regular penetration testing, and testing after any system changes.
The Company Image
A data breach is a hefty blow to the company image and generally affects customer loyalty by creating distrust. As a very non-technical and hasty example, imagine your accountant leaves their computer unlocked to walk to the bathroom, and a curious janitor walks by and sees that the accountant left the account numbers tab open. One lazy and uneducated move could make the accountant’s customers lose faith. Imagine what a large-scale data breach, with millions of records maliciously accessed, could do. A penetration test will aid in preserving the company image by providing an honest and realistic assessment of the company's health and resistance to cyber attack.
A Penetration Test Costs Way Less Than A Security Breach
According to statistics, cyber attacks on individual businesses increased from 5.9 million in 2013 to 11.7 million in 2017, a 200% increase in less than five years. Here is how business is affected by a security breach:
- 86% of people were “not likely” to do business with an organization that had suffered a data breach involving financial information.
- 82% of people were “not likely” to do business with an organization whose breach involved a consumer's home address.
- 80% of people were “not likely” to do business with an organization whose breach involved a customer telephone number.
Imagine running a business and trying to survive when roughly 20% or less of consumers are even remotely interested in your organization, knowing that the company has suffered a security breach.
Interested in having a third-party penetration test / security audit of your company? CyanLine can help any small, medium, or large company. CyanLine has been serving network and security needs since 2004, and serves numerous clients, including but not limited to financial, law enforcement, military, and government agencies.
Contact CyanLine here for a consultation.
Read about CyanLine’s Penetration Testing & Security Assessment Capability here.