Top Tips: Five reasons you should test your company's security DNA

Charles Henderson is the Vice President of Managed Security Testing at Trustwave. He has been in the information security industry for over fifteen years. Over that time, he and his teams have specialized in network penetration testing, application penetration testing, physical security testing, and incident response. Henderson routinely speaks at conferences around the world on various subject matters relating to security testing and incident response. At his core, he remains a hacker at heart.

Charles shares why it’s important to test your infrastructure security.

Not knowing how to secure your sensitive information is a huge problem. You should know the ins and outs of your network infrastructure, and, most importantly, fix any weaknesses before attackers take advantage of them. The risks are high if you don’t. According to our 2015 Trustwave Global Security Report, 98% of the applications our experts tested in 2014 contained at least one security vulnerability. The maximum number of vulnerabilities we found in a single application was 747.

Applications are an essential part of your organization’s DNA—databases, networks and applications. It’s no wonder that industry analysts say that in 2015 at least 60% of enterprises will discover a breach of sensitive data. Organizations can potentially decrease that number if they identify weaknesses before the attackers find them and continue to identify and remediate weaknesses throughout the year.

Security testing fulfills that task. Using experts and tools that simulate a real-world attack, businesses can identify and fix security vulnerabilities before criminals can exploit them.

Here are five reasons you should test your infrastructure security instead of playing a guessing game you are bound to lose.

To avoid overlooking security - Our 2015 Security Pressures Report found that 77% of IT pros said they had been pressured to unveil IT projects that were not security ready. Oftentimes in-house IT teams are directed to meet specific deadlines, and therefore rush projects out the door while letting security fall by the wayside. As a result, companies are at risk of a breach as more unsecure technologies are introduced into their infrastructure. Web application designers face a similar dilemma with growing pressure to get applications out the door in a specific timeframe. In many of those cases, security is again overlooked, leaving users of those apps vulnerable to attacks.

To secure the “Internet of Things” - Whether it’s a smart fridge, television, garage door or business automation system, white hat hackers have found that many IoT devices are riddled with security flaws. Internet-connected consumer and business technologies should not go to market without testing and addressing the security flaws they harbor. Businesses that use internet-connected devices should also continuously test the ecosystem surrounding them – in other words, any networks, applications and databases that connect to IoT technologies.

To protect BYOD - The Global Security Report also revealed that 95% of mobile applications tested by Trustwave experts were vulnerable. BYOD is now the status quo, making it critical for mobile application developers and businesses to continuously test, identify and remediate security weaknesses within mobile applications and devices.

To secure your databases - There’s no question that cybercriminals are after sensitive and valuable data which they then sell to the highest bidder. Escalation-of-privilege or denial-of-service attacks, data leakage or unauthorized modification of data are all made possible by simple missteps including configuration mistakes, identification and access control issues, missing patches or any toxic combination of the above. You need to test to make sure that your databases, which hold a treasure trove of valuable data, do not also contain security vulnerabilities.

To identify weak passwords - Disappointing but not surprising, in 2014 Trustwave researchers found that “Password1” was the most commonly used business password. Coupled with the 2015 Trustwave Global Security Report finding that 39% of passwords tested were only eight characters long, it’s no wonder credentials are easily cracked. It takes only one day to crack an eight-character password, while Trustwave estimates 591 days for a ten-character password. Testing can enable businesses to identify weak passwords, and therefore bolster their security.

In spite of the string of high-profile data breaches within the past couple of years, too many businesses still believe they will not fall victim to a breach. That false sense of security can cripple a business. From the CEO to the IT team to all other employees, everyone in your organization should make security a top priority. A strong security program involves multiple layers of security controls that include security testing and scanning in addition to real-time threat intelligence, manpower and expertise to continuously monitor and update your organization’s security program. Don’t fall behind and become the next breach headline.

