We take it for granted nowadays that we can work pretty much wherever we are. The majority of us use laptops, tablets and smartphones for work as well as for leisure, Wi-Fi is by and large available wherever we go, 3G and increasingly 4G service is the norm, and cloud computing means we can access our data on the move. But an increasing reliance on virtual networks means sensitive data is more and more vulnerable to targeted attacks. Web-based applications may be convenient for you and your workforce to operate wherever you are, but they are also convenient for cyber criminals, as your and your customers’ information is more exposed.
US Government hacked
In the news this week, it was reported that 28-year-old Lauri Love from Stradishall in Suffolk was arrested in a joint operation by the UK’s National Crime Agency and the FBI on suspicion of hacking into US Army, NASA and government computer systems and allegedly stealing data on thousands of individuals, causing $25,000 worth of damage. If a vicar’s son in East Anglia can hack into the networks of some of the most powerful organisations in the world, what chance do you stand?
You are vulnerable too
FireHost this week reported a 32% rise in the third quarter in cross-site scripting (XSS) and SQL injection activity targeting web applications carrying sensitive information. Evidence shows that SQL injection attacks are becoming more automated as hackers and cyber criminals move away from attacks on enterprise infrastructure and instead identify and exploit vulnerable application assets. Automated scanning means even if you are a relatively small, unknown organisation, your web presence will be found. This puts any business with hosted resources at risk, including yours. It isn’t scare-mongering but fact: it’s not a matter of if you will be attacked; it is a matter of when.
How would your customers react?
Elsewhere, a Harris Interactive survey commissioned by Cintas Corporation has revealed that two thirds of US adults would take their business elsewhere after a data breach. Whilst these results may seem at first glance to be specific to the US, there can be no doubt that their application is global, and the message is clear: you only get one chance. If your data is breached, your customers could go straight to your competitors and not come back.
How can you prevent attack?
Penetration testing identifies the vulnerabilities in your information security systems by simulating a malicious attack, testing known and unknown weaknesses in your security arrangements, including open ports, Wi-Fi passwords, packet sniffing, phishing schemes, browser exploits and social engineering. Whether to comply with the DPA or other data protection laws, or to meet business, legal and contractual requirements in line with ISO 27001, organisations must carry out penetration tests at least quarterly on all their Internet-facing websites.
IT Governance currently has a special 50% discount offer on all our CREST-accredited penetration testing services booked by the end of November 2013. Visit our website or call us today on 0845 070 1750 to find out how we can address your security needs.