Ethical Hacking And Penetration Testing For Data Security

September 17, 2024  |  Mark Hillary

My wife used to work for one of the leading property management companies in Brazil. They redefined the property market by taking a very old-fashioned industry and applying high levels of interactive customer service – it became possible to find an apartment online and to arrange a rental agreement without any bureaucracy.

Because this was a well-known company that dealt with a large amount of financial data and payments, they were very security conscious. They constantly refreshed their employee training on security awareness and they worked with ethical hackers to constantly find a way into the system.

Often the weakest link could be found by phishing – the social manipulation of employees inside the company. Usually this would be by sending every employee an email that looks like it needs an urgent response – find the most popular mobile phone provider and send a note that looks like it is from that company saying ‘your bill has not been paid… click here to resolve the problem.’

If the link is clicked, the hackers can then gain access.

This made my wife very wary of email she was not expecting, but she also told me some of the statistics. Although almost every employee would not click on mails like this, usually someone would. The point of repeating the exercises was not to punish any individual, but to keep reminding them that some people are still clicking on dangerous links and messages.

This is really important for any business. If hackers gain access to your confidential client data then the cost to your business can be extremely high. IBM has estimated clean-up costs of around $5 million as an average – that’s just an average. If you lose your entire client database then it could take money, time, and a lot of reputation management to rebuild the business.

For smaller companies that can’t afford millions of dollars to clean up the situation it can be even more serious. Cybercrime magazine has estimated that over 60% of smaller companies that suffer a data breach are no longer in business within six months. They are finished.

In 2021, I was prevented from traveling to see my parents because of a ransomware attack on my local health service. They had been hacked and their services suspended until a ransom was paid. I needed my official Covid vaccination certificate from the health service app and it was not possible for me to board a flight without it. Millions of people were affected.

I was thinking about these statistics and my wife’s direct experience of security training and awareness when I saw that IBA Group is now offering a free security assessment service.

The IBA team will check your website and applications and suggest how security could be improved at no cost. All the most critical vulnerabilities will be identified along with some personalized recommendations for improvement.

You can take the advice and it will not cost a penny, but naturally IBA Group can help on an ongoing basis with similar services to those my wife experienced – ethical hackers and penetration testing. You can ask a team of data security experts to try breaking into your system just to see how good your current security is and where weaknesses need to be addressed.

Data breaches are happening all the time. I looked in the news recently and there are hundreds of ransomware attacks taking place across critical industries. The police in Northern Ireland have apologized as all their employee data was hacked. National Public Data, a body in the US that controls social security records and other personal consumer data, published their own passwords online – the hackers didn’t even need to try very hard to scoop up the personal data for 272 million citizens.

When public bodies make mistakes the leader might lose their job and a review will attempt to improve procedures, but for many private companies the damage to reputation may be enough to end the business. If you are an online retailer and you lose your entire customer database then how many customers will be willing to shop with you again?

A robust approach to data security is essential in a world where the threat is increasing on a daily basis.

For more information on the IBA Group ethical hacking and penetration testing services, including the free assessment report, please click here.

For examples of IBA expertise on data analytics and AI, please click here. Follow IBA Group on LinkedIn for regular updates and comment. 
