Fact or Fiction: Everything You Need to Know about Leading Compliance Initiatives

It’s no secret that the cyber threat landscape is evolving at an alarming rate. Now more than ever, businesses must implement compliance initiatives to avoid the growing threats of a cyberattack in the new decade. As a leader of your organization, it’s your responsibility to see this through. In this webinar, you’ll learn from KirkpatrickPrice President, Joseph Kirkpatrick, about everything you need to know about leading compliance initiatives in 2020.

Why is Compliance a Top 3 Initiative?

According to a 2019 survey conducted by The Conference Board, “U.S. CEOs rank cybersecurity as their #1 concern.” Now, why is that? Take a look at just a few statistics that IBM’s 2019 Cost of a Data Breach report included:

  • The global average total cost of a data breach is $3.92 million
  • The global average size of a data breach is 25,575 records
  • The global average time to identify and contain a breach is 279 days
  • Inadvertent data breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches studied in the report
  • If a third party caused the data breach, the cost increased by more than $370,000

As security incidents and data breaches are on the rise, C-suite executives must carry more of the responsibility to ensure that their organizations are prepared for the advancing threats of malicious individuals and groups.

6 Steps for Leading a Successful Compliance Initiative

While this list isn’t exhaustive and should be formatted to meet your business and industry needs, the following six steps can guide executives toward leading a successful compliance initiative, help prepare organizations against cyber threats, and ensure compliance.

  1. Connect the goal to your business’ purpose
  2. Accept responsibility
  3. Define priorities
  4. Choose the team
  5. Determine S.M.A.R.T. goals
  6. Enforce accountability

Want to get deeper insight into these 6 steps?

Think Like a Hacker: How Could Your Mobile Apps Be Compromised?

When you provide mobile apps to customers, they’re expecting them to be secure. They’ve entrusted you with their sensitive data by using your product, and it’s up to you to protect that data. Businesses today must do everything possible to mitigate the advancing threats facing mobile apps, both internally and externally. How sure are you that your organization is doing this? In this webinar, KirkpatrickPrice expert penetration tester, Stuart Rorer, dives into the most common vulnerabilities found in mobile apps and discusses how penetration testing can help keep them secure.

The Pros and Cons of Mobile Applications

Like all technology, mobile applications have some wonderful benefits, but also have some security concerns that need to be addressed. The trick is to learn how to better secure the technology to thwart attacks before they occur. So, while mobile technology has made nearly everything in our lives more accessible and efficient, the cons of mobile technology should not be forgotten. For example, on the physical side of mobile technology, there are numerous risks: BYOD policies are challenging for IT teams because they’re difficult to secure and keep track of, devices can be stolen, and attackers can hack the devices remotely via Bluetooth. At the application level, mobile applications are vulnerable to common security issues like insecure communications, poor information storage, web attacks, revealed code, and tampering.

7 Proactive Steps for Protecting Your Mobile Apps

From malware attacks and backdoor threats to problems with surveillance, mobile apps will continue to be one of the most targeted attack vectors in 2020. We believe that following these seven steps will help you thwart these security issues and protect your mobile apps.

  1. Stay abreast of the latest security news.
  2. Invest in secure coding and practices for development teams.
  3. Invest in routine – not just annual – penetration testing on mobile applications.
  4. Use code obfuscators to better secure code from decompilation.
  5. Stay on top of the OWASP Top Ten and use their resources to better understand security issues.
  6. Do not trust the device to protect your files.
  7. Always use secure communications to transmit information.

How sure are you that you have found all of the vulnerabilities in your mobile apps? Could there be more you’re unaware of? Watch the full webinar now to learn about common vulnerabilities in mobile apps or let’s talk about how our mobile application penetration testing services can benefit you.

Think Like a Hacker: Common Vulnerabilities Found in Wireless Pen Tests

From hand-held wireless devices to wireless networks, your organization probably depends on the convenience and accessibility of wireless devices to conduct business – but wireless devices are just as likely as any other technology to be compromised by hackers. Do you know what vulnerabilities your wireless devices, applications, and networks are up against? In this short webinar, KirkpatrickPrice expert pen tester, Mark Manousogianis, discusses the most common vulnerabilities found in wireless applications and how pen testing can keep them secure.

Common Ways Wireless Devices, Applications, and Networks are Exploited

Wireless devices were intended to make everyday life easier, but the vulnerabilities that persist within wireless devices, applications, and networks make using such tools risky. Knowing the common ways wireless devices, applications, and networks are exploited, though, can give you the head start you need to prepare against advancing threats. When introducing any wireless device, application, or network to your environment, be wary of the following:

  • Default SSIDs and passwords
  • Access points where tampering can occur
  • Out-of-date firmware
  • Vulnerable Wired Equivalent Privacy (WEP) protocols
  • WPA2 KRACK vulnerability
  • WPS attacks
  • Rogue access points
  • Evil twins
  • Man-in-the-Middle attacks

Securing Wireless Technologies with Penetration Testing

There are many ways for malicious hackers to compromise wireless environments and the people who use them. Organizations would be wise to use strong protocols, implement and enforce strong password best practices, keep firmware updated, and educate users regularly on updates and vulnerabilities as baseline, proactive measures for securing wireless technologies. However, while these proactive steps can be used to secure your wireless devices, applications, and networks as much as possible, you will still never know how well they’ll stand against an attack until you’ve submitted them to penetration testing.

How sure are you that you have found all of the vulnerabilities in your wireless devices, applications, and networks? Could there be more you’re unaware of? Watch the full webinar now to learn about common vulnerabilities in wireless devices, applications, and networks or contact us today to speak to one of our Information Security Specialists about our wireless penetration testing services.

What Should You Really Be Penetration Testing?

Pen testing is a valuable investment for any organization – it’s a critical line of defense used to protect and secure your sensitive assets from malicious outsiders. But for organizations that have never undergone pen testing, or for those who have never even heard of penetration testing before, it’s understandable why you would have questions like: What is pen testing? What parts of my organization should be undergoing penetration testing? Who should I hire to perform my pen testing? In this webinar, KirkpatrickPrice’s President, Joseph Kirkpatrick, will answer these questions and more.

What is Penetration Testing?

Penetration testing is a form of permission-based ethical hacking in which a tester attempts to gain access to an organization’s people, systems, or locations. The purpose of pen testing is to find vulnerabilities that could potentially be exploited by a malicious hacker as part of your ongoing risk management practices. However, oftentimes, either out of ignorance or deceit, we see firms pass off vulnerability scans as penetration testing. Let’s be clear: vulnerability scans are not penetration tests. Vulnerability scans are great for discovering low-hanging fruit, but they should not be confused with an advanced, manual penetration test. Vulnerability scanners are only capable of matching patterns and definitions and are unable to find flaws that require human logic and comprehension. This is why investing in penetration testing, in conjunction with running vulnerability scans, is necessary.

What Should You Be Penetration Testing?

In order to know what your organization needs to pen test, you need to identify which assets in your organization are susceptible to cyberattacks and the financial, reputational, and legal implications if those assets were to be compromised. Assets that your organization should consider pen testing might include:

  • Call Center
  • People
  • Records Facility
  • Internet of Things
  • Corporate Office
  • Data Center
  • Wireless Connections
  • Externally Facing Applications
  • Internally Facing Applications
  • Mobile Applications
  • Computers

Ultimately, your organization should be penetration testing any asset that you want to make stronger. If you’re ready to embark on your pen testing journey, download the full webinar to learn more or contact us today to speak to an Information Security Specialist.

Think Like a Hacker: Common Vulnerabilities Found in Networks

Let’s face it: anything connected to the Internet is at risk of being compromised, which means that organizations like yours must understand the types of vulnerabilities in your internal and external networks that could be exploited by a malicious hacker. If you’re interested in learning about common ways your networks may be compromised by a malicious hacker, remediation tactics for mitigating threats facing your internal and external networks, and how to continue to stay abreast of cyber threats with KirkpatrickPrice’s penetration testing services, watch the full webinar now.

What’s the Difference Between Internal and External Networks?

In order to protect your organization’s networks, you must first know the difference between internal and external networks and what systems and devices are connected to them. Are client workstations, internal services (DCs, mail, DB), routers, firewalls, fax machines, and/or printers part of your internal network? Do you have WAFs, web applications, or external services (e.g. FTP, SFTP, or Mail) in your external network environment? Ultimately, internal network environments primarily act as the domain for internal users to access the internal assets they need to function. External network environments, on the other hand, are more often available to the outside world (e.g. for a partner or client to access).

Common Vulnerabilities in Networks: Configuration Problems

In both internal and external networks, KirkpatrickPrice expert penetration testers often find issues due to misconfigurations. Considering this, they encourage organizations to be wary of leaving default passwords and/or using weak passwords on things like appliances, internal applications, network accounts, or even printers, scanners, and fax machines. To prevent your networks from being compromised due to misconfiguration issues, our pen testers explain that regularly testing your configurations is critical, as well as undergoing at least an annual penetration test.

How sure are you that you have found all of the vulnerabilities in your networks? Could there be more you’re unaware of? Watch the full webinar now to learn about common vulnerabilities in networks or contact us today to speak to one of our Information Security Specialists about our internal and external network penetration testing services.