[BreachExchange] Even Minor Glitches And Breaches Can Kill Brands

Audrey McNeil audrey at riskbasedsecurity.com
Thu Oct 12 18:34:04 EDT 2017


http://www.cxotoday.com/story/even-minor-glitches-and-
breaches-can-kill-brands/

How long can notable and economically significant brands risk their market
image with inadequate software testing? In a recent turn of events and a
massive data breach affecting half of US, Equifax CEO Richard Smith walked
away with $18 million in his pension benefits. Equifax, oldest of the three
largest credit agencies announced a cyber-security breach that compromised
the data of almost 209,000 consumer’s credit card credentials, mainly in UK
and Canada.

The most startling revelation was that the company waited almost 40 days
from the time of breach to disclose it to the public finally in September
2017. The ’40-days’ delay in communicating the information on data breach
and cyber-attack has absolutely raged the people and raised serious
concerns about the company’s image. The Equifax hack has disastrously
impacted almost 143 million (estimated to be half of U.S. adult population)
people and exposed sensitive information related to Social Security
numbers, names, birth dates, addresses, and driving licenses.

Can organizations with such economic and social repute afford to mess up
with their communication strategy and stay reckless with their IT security
systems? Such an act not only leads to financial losses but also smudges
the image of the brand in the public sphere.

The year 2017 has witnessed some major cyber-attacks right in the first six
months, such as the Ransomware data breach, and full-on hacking of some
critically sensitive information. How can enterprises build more robust IT
systems and ensure the resilience of IT systems and applications during
such crisis situations? It cannot be denied that a breach not only creates
uncertainty but also develops anxiety and suspicion towards the brand. This
can absolutely tarnish the brand image and jeopardize the stature that
businesses build over a substantial period of time.

Save your brand from these Cyber-attacks

Industry experts and testing experts have segmented cyber-attacks and risks
under specific categories. This enables IT teams and organizations to
identify the threats and take necessary actions. Depending on the nature of
the business, they can even develop the quintessential framework for their
business-critical applications.

Phishing your systems

It is probably the most reported cyber-attack that employs various methods
that are increasingly getting difficult to track. Phishing attacks can
happen in various ways, which also depends on the kind of industry that is
being targeted. In this method hackers generally send numerous emails with
an attachment, which, if clicked, releases a virus and attacks the
vulnerabilities in the system. Eventually, it leaks personal passwords, and
attacks firewalls and exposed fragments of the security software.

Malware and Ransomware

The year 2017 has witnessed some major ransomware attacks on banking and
financial websites. These malware attacks have their own objectives to
maliciously get unauthorized access to your system. In this way, access to
the system and its data is hijacked and then the malware sends a message
that it will release the data only on paying a particular amount as a
ransom. The ransomware after entering the system causes the projected
damage and ends up deleting critical information from your hardware and
online platforms. These malwares are targeted at both individuals as well
as organizations of all shapes and sizes. It can not only attack your
desktops but also bring own your mobile devices and applications.

Brute Force Cracking

A Brute Force attack is a software or algorithm developed to attack any
kind of vulnerability with your application. It applies a trial and error
method to decode encrypted data such as Data Encryption Standard (DES)
keys. In most of the cases, it attacks the password-protection mechanism.
It uses a typically designed software to scan through thousands of word
combinations and numbers to crack your password. In fact, every word in the
dictionary is accessed to figure out the right combination for the password.

Cyber Fraud

A cyber fraud doesn’t necessarily attack groups or companies; it attacks
individuals with structured emails that are result-oriented. For instance,
an email received from CEOs/CTOs authorizing a financial transaction. This
kind of attack is generally engineered to derive financial gains without
much focus on the data breach. Prevalence of Cyber Frauds is significantly
increasing, as these are engineered to target individuals and the financial
gains are pretty high.

Overload and System Shut Down

Also referred to as a Distributed Denial of Service attack or DDoS, it
occurs when a server faces an overload of connections that ultimately leads
to a system or network shut down. This kind of overload is engineered by
hackers with an aim to shut down your network that will stop you from
operating your business, leading to indefinite losses.

Such attacks can absolutely kill the brand credibility of the business
amongst its clientele, especially if the nature of the business involves
major financial investments.

The Role of Software Quality Assurance and Testing

Software Quality Assurance and Software Testing has been gaining
significance over the years, as it is the most practical and rational
approach to ensure that the application is reliable and resilient in the
cyberspace.

Nelson Hall has estimated that the overall software testing market size is
going to be $34 bn by 2017. Gartner further forecasts that the worldwide
software testing market spending will increase by 14 % CAGR – product
testing growth at the rate of 9.1 % and application testing at 15.3 %.  It
is interesting to know that Application Testing covers almost 90% of the
software testing services and requirements.

Moreover, in the light of such attacks, Security Testing and Vulnerability
Testing are gaining added significance; as enterprises are getting anxious
about the safety of their system and the resulting brand repute. It helps
to ensure that every information system safeguards the data and enables
functionality as expected and planned.

Refurbished and redefined testing methodologies have indisputably
transformed the perceptions about software testing. Unlike the traditional
modes, testing is now an integral quotient of the software testing process.
Approaches such as Agile, Shift-left, Shift-right, and DevOps are changing
the face of software development. For instance, if an application has to
undergo Security Testing, the development/testing team doesn’t have to wait
until the conclusion of the development process to test it. Testing is
conducted simultaneously, which facilitates frequent releases and also
constant monitoring.

In every possible way and every proven pattern, Software Quality Assurance
helps businesses to maintain confidentiality, build integrity, and ensure
credibility. That’s the key reason why Quality Assurance is increasingly
becoming a boardroom discussion and a strategic approach for many big and
small enterprises. Profitability is key but sustainability is much more
important; which is made possible by building applications and software
that are dependable for growth. It is critical today to build strong and
skilled teams that can implement the required QA & Testing processes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171012/77fb353c/attachment.html>


More information about the BreachExchange mailing list