There is a vital question which all companies should answer as soon as possible: What do they lose if they don’t take enough steps for the computer security of their company?
Every week we talk about cases which show us risks and dangers of being on the Internet. However, cybersecurity gains relevance when you run a business and focus all your activities on selling and giving the best to your clients. This is something very normal because almost everything depends on it. So, it’s very common setting aside critical areas like the computer security of companies. In most cases, if not all, businesses and entrepreneurs activities depend on technology and that’s why they are very vulnerable to cyberattacks.
If you increase the security levels of your company you are not going to sell more products or services, but your customers will have more confidence in you. Anyway, it has already shown that when servers are down and hackers steal personal information from a company or go public with a companies faults, they lose customer confidence, or in the best case, it undermines them.
In other words, for every new day, those businesses or entrepreneurs that don’t invest in the security of their computer equipment are exposed to serious risks which could cause incalculable losses. Mass media doesn’t usually talk about this, despite us seeing a lot of cases. The reason is institutions which have been hacked try to avoid attacks going public. By this way, they prevent losing their customers and investors trust. The most notorious cases are the most noticeable, like the Ashley Madison one.
No-one wants this for their company
The security breach of the well-known dating website, Ashley Madison, has its own post on Wikipedia, and it’s no wonder. By mid-July of 2015, this popular service among users who look for an affair was hit with a cyberattack by a group of hackers called “The Impact Team”. They stole 25 gigs of personal information of the users, which they didn’t publish until the next month.
The wait was intentional. The hackers ordered the shut down of the website because they didn’t fulfill the terms and conditions they had with users. Supposedly, Ashley Madison shouldn’t save personal information about their users like real names, cards bank details, search history or sex fantasies. The hackers proved otherwise when they published all this information on the dark web. There it was accessible for anyone who wanted access by a Tor browser, and also for those who wanted to download the document. On the list, there were emails found of public bodies and private agencies, which is not advisable when you sign up to a website.
This example is one of the most famous in recent years, but there are attacks like this one every day. Today, it’s difficult to know if the Ashley Madison attack had consequences on their finances, but they are still working. Not everyone has a business so big and can take the hit on an attack like that.
Pentesting – how a business prevents a cyberattack
Well, you may ask yourself if a cyberattack like the Ashley Madison one could have been avoided. According to what we know today, it seems that they could have prevented it. It appears that the website didn’t ask for email verification when a user was signing up, and this allowed them to create fake accounts, as well as similar user names between each other.
Indeed, these kinds of security breaches are detected by a computer analyst. The technique they use to test technology infrastructures of companies is called penetration testing. Computer experts simulate a cyberattack driven to the company which has hired them for that. They do a penetration test by consent and agreement of system owners, but cyberattacks don’t, that’s why hackers commit crimes which could be punishable by a court.
Pentesting is getting more and more relevant at the time companies and organizations look for ways to shield their computer systems. So, it’s not surprising that you have heard about it before. However, it’s not easy to find computer experts who are able to do a good penetration test. The reason lies in the most important part of the process, which is not how to use the pentesting tools, but preparing a report where the computer analyst values every security breach they have found, in order to provide solutions that a company should implement as soon as possible.
In other words, businesses can’t settle with someone who just knows how to get in computer systems and finds bugs as a hacker would do. Reading vulnerabilities and knowing how to resolve them are the main keys of pentesting.
In a complex area like computer security, experience and recognition are decisive. After all, people outside of companies are allowed to get into computer systems. That’s why the ODS team is formed by computer analysts with extensive experience in penetration testing. They have also been recognized nationally and internationally as cybersecurity champions, like Daniel Fernández, who was first at the Ethical Hacking Competition celebrated in Spain at the end of 2016.
We have a fake secure feeling when we are sitting in front of the computer or working with our smartphones. We should not trust it. If, at the end of the day, a company doesn’t invest in its protection, they are putting at risk their customers’ confidence, thus its future. Calling us is all you need to do to avoid any disaster.