How Ethical Hacking is Healthy for Business
securitymetrics
Category: Technology
Ethical Hacking is Healthy for Business
Is your company prepared for a situation like this?
If you had your website, networks, and servers ethically hacked, you probably wouldn’t be in this situation.
Let’s talk about hackers
There are 2 types of hackers:
• Malicious
• Ethical
Malicious hackers look to exploit weaknesses in a computer or network to steal company or customer information.
Ethical hackers are hired by a company to find weaknesses in that company’s environment.
Ethical hackers are also called penetration testers.
The point? Find the weaknesses malicious hackers would use to gain access to company data, and help companies fix the problem!
Ethical hackers simulate real scenarios.
For example:
– Hackers that want to steal credit card information
– Unethical competitors looking for company secrets
– Disgruntled employees who want to deface a company website
What kind of tests do they conduct?
• Internal/external testing
• Web application testing
• Remote access testing
• Wireless testing
• Social engineering
After testing, penetration testers provide:
– Report on all vulnerabilities
– Assistance to fix the found vulnerabilities
Why get a penetration test?
Here are 6 reasons.
1. It’s required (PCI DSS requirement 11.3)
2. To test your products or website for security failures
   Did you know more than 79% of data breach victims possess an easily exploitable weakness? -Verizon
3. To properly allocate security funds
4. To test incident response and security awareness of staff
5. So you don’t end up on the front page
6. Because hackers become more sophisticated in the ways they steal data.
   They adapt as fast as technologies improve.
Most breaches are preventable.
Why can hackers get in so easily?
• Favoring functionality over security
• Insecure software development
• Incorrect configuration
• Lack of staff security education
• Gaps in accountability
3 Best Practices
• Implement secure controls and conduct security awareness training
• Implement a strict policy for code development & testing
• Get ethically hacked!