Before starting a pentest, should you present your product or solution to pentesters? It all depends on your situation and on your objectives!
If there is one myth about cybersecurity that we hear regularly and that absolutely needs to be busted, it is this one. “Why would anyone attack us? We’re too small, too young, no one knows us, we have nothing online… We’re not interesting to hack.”
Actually, yes, you are interesting.
Let’s take each point separately:
– Why would anyone attack us? No one knows us
Christmas is right around the corner and winter sales are arriving too. Online shopping is planned. Your banners, packaging and special offers are ready, but did you think of your website’s security?
We won’t remind you to update and install patches or to watch for suspicious operations (which you are already doing). Instead, we concentrate on three elements that protect your clients’ data and reassure them about your security level.
1/ HTTPS certificate
Using HTTPS is indispensable for an e-commerce website. Users expect to see the well-known padlock on pages where they give their information. Many people rely only on a URL starting with HTTPS and the padlock to judge the reliability of a website.
However, malicious hackers know this too. They now create websites with an HTTPS certificate to deceive users. A study from Phishlabs estimates that in the 3rd quarter of 2018, 49% of phishing websites were using an HTTPS certificate.
(We detail here how to identify suspicious emails to avoid phishing attacks, which can be tricky even for experienced users.)
It is a question that we often hear. Sorry, we don’t have a formula ROI=… to reveal. The return on investment of penetration testing is complex to measure, but we give you 4 keys to demonstrate the financial benefits of a pentest. Security is not only useful for avoiding potential problems; above all, it creates value that encourages sales.
1/ Investing to avoid a loss or a higher future expense
Penetration tests are a preventive action. By simulating realistic attacks by malicious hackers, pentests make it possible to detect security flaws, both technical and logical (this article explains more precisely what logic flaws are).