Different studies and reports in Latin America show that, in terms of cybercrime prevention, awareness and investment are still insufficient and the actions implemented are sometimes precarious. If we take into account that a data theft takes some months to be detected, it is likely that by the time a company decides to do something, it is already too late, and instead of preventing the problem it has to react to it. The information that a hacker can steal is very varied and has different value on the black market. Financial contents are the most useful, as they are easily tradable, but they are not the only ones.
Financial Information
Credit card information is the most frequently stolen data. This information can be obtained because it is stored in an unencrypted database or in lists and spreadsheets on a computer network. If the information is not properly managed, it could be stolen, causing great damage. Its value in the market depends on the quality and quantity of the data that has been stolen. The more complete the information is, for example if it includes the verification digits or the bank data, the more sought after it is on the black market.
System access information
Information such as the username and password for accessing a system is another piece of data that a hacker wants to steal. Depending on the nature of the business and the privileges of the user, the damage that can be caused is greater or lesser. For example, in an e-commerce system, with the username and password the criminal could change shipping addresses or generate a new one and make purchases. They could also buy gift cards and then make the purchase, making it difficult to track. If the system is e-banking, it could lead to unwanted transfers, as recently happened to customers of a bank in Uruguay, who were tricked by hackers into giving up their username and password. Keep in mind that systems, whether corporate or aimed at the end consumer, hold valuable information as well as the ability to buy, sell, book, etc., so abusive use could generate significant losses to the company.
Business Information
Business information is one of the most important things hackers look to steal. Among the most sought-after data are customer data, suppliers, transactions, operations, financial data documents, price lists, balance sheets, business plans, pricing strategies, etc. The damage that this information could cause is great if it falls into the hands of competitors or of people seeking to enter the business. In most cases companies do not notice the theft of information, and when they become aware of it, it is usually too late.
Protecting information
Custom-developed applications are an important business asset because they contain not only key information, but also the logic of business processes. If security practices were not taken into account when developing an application, it is likely to be vulnerable to attacks. To diagnose where the application stands in terms of security, it should be verified that it does not contain, at a minimum, the vulnerabilities indicated in the OWASP Top 10 for web applications or the Mobile version. In addition, you can perform security validation tests that involve a complete review of the state of the application, which will show you the current situation and the vulnerabilities that expose your applications.
Software Testing Bureau has worked with clients from different industries, promoting security culture and helping their applications not to be breached. Based on our experience, we suggest changes in architecture, data management and permissions within applications to ensure the interaction of internal and external actors. We detect vulnerabilities and promote policies to ensure data privacy and good data management in order to prevent fraud and improper manipulation derived from abuse and misuse of applications.
If you are not sure about the security situation of your applications, you can contact us to find out how to make an assessment and know the risks to which your business is exposed.