Data is the new currency of the digital age. It is constantly being collected, analyzed and sold. Data is an intangible thing; you can’t hold it in your hand. Is it any less valuable than money? I would argue that in some cases, it is more valuable than money. If it is more valuable than money, then there must be bad actors looking to gain access to it. There are. There are more people trying to get into these systems on the daily than all bank robberies in the last 100 years. However, unlike a bank that has a physical vault, data is stored in information systems. So how do you ensure that your data remains secure? By using security testing.
Security testing is an overarching term that refers to the process of identifying and addressing vulnerabilities within a system/application to safeguard data. It can take many forms, including identifying potential vulnerabilities by looking at code (white box testing) and penetration testing (a form of black box testing), among many others.
This makes sense; however, businesses are money-focused. Why do they spend the EXORBITANT amount of money that they do on security testing? After all, you are not gaining revenue by security testing. It is not a direct correlation in the way that sales = profits. According to the blog linked below, it comes down to reputation, financial losses and regulations.
Reputation is pretty self-explanatory: I am not going to be eager to hand over my bank information or social security number if I know that company has been involved in multiple data breaches. There is a necessary level of trust between a company and a customer in order to do business. If I do not trust that my information will be secure, I will choose a different company to do business with.
Financial losses are a multifaceted issue. There are the direct costs: if a company is attacked by ransomware, they will have to shell out $X to attempt to get their systems back. Then there are the less direct costs: the example given was that insurance companies will choose not to insure a company if they keep having security breaches. Choosing not to have adequate security testing means that a company is too risky of a business partner to do business with. Once a company loses insurance coverage, it is not a rosy outlook for the future. Insurance companies run the world.
Finally, in order to be commercially viable, software needs to meet regulatory security standards. This could be on an industry, state or international level. The need for enacting regulatory standards illustrates just how important security testing is.
Moral of the story: Security testing is about spending money to not lose money and being a good digital citizen. You need to protect everyone else’s information as if it were your own.
This blog post was written in response to: https://sdtimes.com/test/the-importance-of-security-testing/
From the blog CS@Worcester – CurrentlyCompiling by currentlycompiling and used with permission of the author. All other rights reserved by the author.