A recent study revealed that the risk factors weighing most on retailers include the mainstay issues related to the economy, labor, and politics, like minimum wage, consumer confidence, and government regulation. These have remained constant concerns for the retail industry over the last five years. But concerns surrounding security breaches have skyrocketed onto the list of top ten concerns. From a moderate concern cited by just over half of those surveyed in 2011, privacy concerns related to a security breach have now jumped to top of mind for 91% of the retailers surveyed. (See details of the study in this MarketWatch article.)
Unarguably, the Target breach during the holiday season at the end of 2013 got everyone’s attention. We have seen a constant barrage of bad news throughout the first half of 2014 with breaches affecting other retailers and healthcare organizations, vulnerabilities discovered in commonly used systems like OpenSSL, and talk of government monitoring and foreign hackers. From consumers to CEOs, no one can ignore the digital risks we face.
Businesses large and small are wisely taking proactive steps to ensure their systems and data are secure. But how can you be sure? Penetration Testing is key to identifying the threats facing your business. But the options and differing methodologies can be confusing. You want to know your systems are as secure as possible. How much do you really need to invest (time, resources, attention, money) to get a PenTest you can trust?
Free or Do it Yourself Pen Test Tools
There is no shortage of scanning tools and DIY PenTest systems online promising to report vulnerabilities in your system. Some tools are free, some may even be quite pricey. Some do a good job detecting certain identified threats. Any of these online tools can probably detect whether your systems are susceptible to issues relating to the Heartbleed bug, for instance. If you are a small business with a limited budget and no heavy regulatory responsibility (like stored credit card, personal, or health-related information), you may be reasonably safe to trust a very basic, out-of-the-box scan.
Low-Cost Pen Test Services
If your business relies heavily on tools or data in the cloud, or you simply are not confident enough in your in-house expertise to rely on a piece of software to reveal the threats that you may be facing, you may find reassurance in working with a company that specializes in Penetration Testing. For a few hundred dollars, you can find someone to conduct the testing for you and produce a simple report that will list vulnerabilities that you need to address. It can be difficult to know what you are getting for your money, however. Try to research these low-cost options to be sure they are not simply performing the same scans you could do yourself more cheaply (if not for free).
PenTesting for Peace of Mind
If your business needs to be PCI or HIPAA compliant (as a Covered Entity or Business Associate) or has critical data stored and managed digitally, you simply do not have the luxury of relying on a quick, cheap PenTest. Based on industry averages reported by Ponemon, a security breach would cost your company approximately $3.5 million. It is estimated that a malicious or criminal attack resulting in compromised or lost data costs a company $246 per record. Ultimately, penalties, remediation, legal fees, and bad press could end up costing considerably more.
When the stakes are this high, you need the reassurance of customized Penetration Testing best practices and methodologies, and a testing process managed by experts with the time, attention, and experience to do a deeper, more technical assessment of potential threats. When you choose a security partner to trust with your company’s Penetration Testing, be sure they have the knowledge and resources to conduct a thorough test.
Regardless of the type or extent of the PenTesting you implement, be careful not to give in to a false sense of security. Constant vigilance is critical to maintaining security, preempting new threats as they arise, and avoiding the unintended human error that can also lead to a costly breach. Working with an expert in security to conduct a thorough PenTest will cost more, but you will gain a partner for future security needs, enjoy better peace of mind, and avoid the regret of facing a costly security breach knowing you could have done more to protect your business.
If your company requires the reliability of a customized, thorough Penetration Test, we would like to speak with you to learn more about your security needs. Please contact us today to get started.