Rochester MI (PRWEB) January 30, 2013
“In 2012 High Bit Security performed testing across multiple sectors,” said High Bit COO Adam Goslin. “It did not seem to matter what business the clients were in. Medical, Banking, Mortgage, E-Commerce, Software, Industrial Design, Staffing, Business Intelligence, Insurance, Accounting, Legal, Hospitality, and even Internet Payment processors – almost all failed their tests. This past year, 95.83% of the businesses we tested had vulnerabilities that would allow their systems to be compromised. Even those who were running regular vulnerability scans, or had penetration testing performed with other companies the previous year.”
The most common – 58.5% of the vulnerabilities - were found in the application layer (web applications, web services, and API’s) while doing external testing. Performed from the outside, external testing simulates a hacking attack originating anywhere from across the parking lot to across the globe. “We were contacted by a customer after they discovered one of their web pages was being re-routed to a site selling fake merchandise,” said Goslin. “That was just the tip of the iceberg. Sensitive client data was being extracted from their systems without their knowledge. Ultimately, when we gave the findings report to their web developer, it was an easy fix. We showed them the code changes needed and the issues were easily resolved.”
The next largest segment of vulnerabilities – 41.5% - were found in the network layer – the firewall, server, and infrastructure configurations. “I feel bad for IT service providers who assure customers they are secure,” said High Bit Security Chief Business Development Office Barbara Goushaw. “IT security is a specialty, and expecting your IT provider to know all of the ways a company can be compromised is like expecting your family doctor to do open heart surgery.”
Internal penetration testing engagements (testing performed from within the network of the target environment, similar to an attacker breaching a system via malware or Trojan) consistently show how network layer and host vulnerabilities are potentially the most devastating. “Often, organizational focus is limited to the boundary defenses, with the erroneous belief that running external testing is sufficient.” said Goslin. “All it takes is one employee clicking on the wrong site, downloading the wrong file, or a zero-day vulnerability, and the attacker is on the internal environment. If you identify and close the vulnerabilities on internal networks and applications, you make the attacker’s job significantly more difficult. If they can’t get to the valuable data, they will move on to an easier target. Our goal is to make sure our clients are not an easy target.”
High Bit Security’s full 2012 Security Testing Review report is located on their website by clicking here (no need to supply credentials), and provides details about the most prolific security vulnerabilities their customers experienced during the 2012 Security Testing cycle.
About High Bit Security: High Bit Security is a national security services provider, providing penetration testing solutions to clients who need to protect sensitive data in industries such as Healthcare, Credit Card, Financial, or companies that otherwise store Intellectual Property or Personally Identifiable Information. High Bit Security also provides security consulting services to our clients to assist them with their compliance objectives across PCI-DSS, PA-DSS, HIPAA, SSAE-16 or simply wish to perform a security best practices audit of their organization. Contact High Bit Security today for a free consultation to take steps toward protecting your sensitive information. http://www.HighBitSecurity.com 800-757-3144