The Valuable Penetration Test

Written by Di Princell

February 14, 2022

All prayers in the business world should start “Now I lay me down to sleep, I pray the Lord, my security is deep.” Don’t kid yourself, when it comes to structuring security for systems, protecting clients and their customers’ personal information, enough is never enough. When companies adopt an attitude of vulnerability rather than invincibility, ongoing penetration testing (pen testing) will become a huge part of their security strategy.


The sports motto “the best defense is a good offense” applies to a company’s comprehensive approach to security. Penetration testing is a complex process that attempts to break into a client’s computer systems and applications looking for weaknesses. Once discovered, flaws are resolved by integrating mitigation techniques into the vulnerable systems. Penetration testing is essentially a form of ethical hacking that aims to protect cloud environments, apps, products, and system workflows from illegal and destructive hacking and cyberattacks.

Coalfire shares insights about U.S. companies’ top security vulnerabilities in their 3rd Annual Penetration Risk Report including insecure protocol, password flaws, patching/patch management, security misconfiguration, and out-of-date software. The report reveals that “insecure protocol represents 22.7% of top vulnerabilities across all verticals except technology.”

In today’s threatening information systems environment, compliance officers, boards of directors and customers demand strict security protocols, with rigorous pen testing at the top of the list. The pen testing team should be available 24/7 to detect and report flaws and warn of imminent attacks. Their reports should be transparent, with actionable remediation steps and a follow-up plan to ensure the holes have been plugged. Unfortunately, ongoing security holes are an everyday reality, and so are the high costs of pen testing and the question of its effectiveness, a complex problem for businesses.

Ian Pacey, RIBBIT’s Chief Technology Officer, shares his insights about the process of pen testing and the philosophy behind RIBBIT’s unyielding commitment to its protocol.

“Security is a game of cat and mouse. The mouse will try to find ways into the house, and it is the cat’s job to stop the mouse from entering. In today’s world, pen testing is becoming more of a business requirement than a recommendation. Most cyber insurance carriers require that you perform penetration testing on your systems. Penetration testing should be done on all external facing systems to make sure that the systems are not vulnerable to hackers.”


“So, what kind of company should you look for to perform pen testing? You will want a company that has deep experience with pen testing and one that provides references from companies that they performed pen tests on; be sure to call the references. They need to understand the environment (Azure, AWS, Google Cloud, etc.) that your company is using. You will want them to perform simulated DDoS attacks against your sites and APIs (not during peak hours). They should confirm that CORS policies, user permissions and proper encryption are in place. There should also be checks to make sure your sites and APIs are not using vulnerable 3rd party software. Penetration testing costs a lot of money; however, it is well worth the expense compared to you getting breached!”

“At RIBBIT, we have all our developers go through extensive security training learning how to write code with security as a priority. An effective resource that we use is Security Journey. We also make sure to use encryption whenever possible in our services. We have multiple regions for our service and implemented failovers and web application firewalls. RIBBIT is also a strong believer in implementing Multi-Factor Authentication for employees accessing company sites.”
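As an added example (not code from the original post or from RIBBIT), here is how the CORS-policy check mentioned above can be automated against captured response headers, the way a tester would classify each endpoint for the report. The origins, headers and trusted-origin list are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class CorsFinding:
    severity: str  # "high", "medium" or "low"
    message: str


def audit_cors(request_origin, headers, trusted_origins):
    """Classify one CORS response.

    request_origin  -- the Origin header the tester sent with the request
    headers         -- the response headers (dict, any key casing)
    trusted_origins -- origins the application is meant to serve (assumed known)
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if acao is None:
        return findings  # no cross-origin access granted: nothing to report
    if acao == "*":
        if creds:
            # Browsers refuse this combination, but it shows the policy was set without understanding it.
            findings.append(CorsFinding("medium", "wildcard origin combined with credentials"))
        else:
            findings.append(CorsFinding("low", "wildcard origin: response readable from any site"))
    elif acao == "null":
        # Sandboxed iframes and file:// pages send Origin: null, so this is not a safe allow-list entry.
        findings.append(CorsFinding("high" if creds else "medium", "'null' origin allowed"))
    elif acao == request_origin and request_origin not in trusted_origins:
        # The server echoed whatever origin it was given: any site can read the response.
        findings.append(CorsFinding("high" if creds else "medium",
                                    f"untrusted origin {request_origin} reflected back"))
    if acao != "*" and "origin" not in h.get("vary", "").lower():
        findings.append(CorsFinding("low", "origin-specific grant without 'Vary: Origin' (cacheable)"))
    return findings


def worst_severity(findings):
    order = {"high": 3, "medium": 2, "low": 1}
    return max((f.severity for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    # Constructed sample: the server reflects an arbitrary origin and allows credentials.
    sample = {"Access-Control-Allow-Origin": "https://attacker.example",
              "Access-Control-Allow-Credentials": "true"}
    for f in audit_cors("https://attacker.example", sample, {"https://app.example"}):
        print(f.severity, f.message)
```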

Our RIBBIT team acknowledges that hackers are crazy smart and their skills must be respected. There is no such thing as impenetrable security; every company has a target on its back. Each night, after implementing the most effective protective measures for databases, websites, and computers, a company should say a little prayer.


Stay tuned . . .
