Cybersecurity Issues for Businesses in 2020

The current trend is to strengthen the security requirements for customers, partners and investors. Security audits have been democratised to small and medium-sized companies, for whom they represent a prerequisite to be able to collaborate on IT issues with large companies. In fact, large accounts almost systematically integrate requests for security audit reports into their purchasing processes. The introduction of the GDPR 2 years ago also enabled companies to become aware of data security issues in business sectors where risk awareness was previously low. Security certifications (ISO 27001, HDS, PCI-DSS, SOC2, etc.) are increasingly popular among small and medium-sized companies, as a way of differentiating themselves and making security a quality issue.

Conducting a security audit has a cost. When companies are asked about the budget they devoted it, we often hear “between €10k and €20k”, sometimes a little more, sometimes a little less. However, there isn’t really a standard price for this type of service: it all depends on what is done, how, and by whom. If the main objective is to be able to show that a pentest has been done less than 6 months ago, it is possible to make concessions to respect an extremely limited budget.

Abraham Lincoln (repeating a woodsman) would have answered the question: what would you do if you had just six hours to chop down a tree? I would spend the first four hours sharpening my axe.

What does it tell us? That preparation is key. 
You cannot protect what you don’t know, therefore knowing your attack surface is the first essential step to protect it efficiently. 

Once you have decided to go for a penetration test, you may wonder if it should target your production environment.

Depending on the risks, it can be appropriate to perform the security audit either on a production environment or a test environment. Below is a summary of the pros and cons for each alternative.

25 pages to know the existing and exploitable vulnerabilities on these technologies, as well as the means to counter or reduce the risks.

Before starting a penetration test (pentest), should you present your product or solution to pentesters? It all depends on your situation and on your objectives!

When we talk about cyberattacks, we often think of malicious activities coming from external attackers, while internal attacks are on the rise. In the Insider Threat Report 2019, it is reported that 59% of the companies surveyed had suffered such an attack in the past year.

Protecting yourself from the inside against these attacks is therefore just as important as defending yourself from the outside.

We are regularly conducting social engineering penetration tests for our clients.
Our pentesters (security experts) tried various techniques, scenarios and pretexts.

We have learned lessons from our experience, and our clients shared with us what they learned too. We are sharing them now with you.

The first one and the second are said to be the best allies of CISO (and in general people in charge of IT security). There are though two different tools in a security strategy. What are the different characteristics of a penetration test (pentest) and a vulnerability scanner?

It is a question that we often hear. Unfortunately Sorry, we don’t have a ready made formula to reveal. The return on investment of a pentest is complex to measure. However, we are giving you 4 keys to demonstrate the financial benefits of a penetration test. Security is not only useful to avoid potential problems, it mostly creates value to facilitate sales and strengthen the trust of your customers.