Caveat Emptor AND Venditor: Security is Up to Everyone
Recently, a slew of companies announced bug bounty programs. It’s great that businesses are taking more responsibility for proactively catching problems that can turn into security vulnerabilities. It’s also a great reminder of the “seller beware” counsel. But do bug bounty programs go deep enough? What else can sellers do to protect themselves and their customers from potential security risks? Regardless of whether you sit on the seller or buyer side of the technology fence, understanding the ripple effects of an organization’s level of security—good or bad—is paramount.
Not only is it time-consuming and extremely expensive to clean up after a breach, but the fines associated with noncompliance can also hit hard. For instance, FINRA, the Financial Industry Regulatory Authority, reported in its 2015 annual report that the average compliance fine is $205K. HIPAA fines for noncompliance range from $100 to $50,000 per violation with a maximum of $1.5M.
And if the financial penalties of today aren’t motivating enough, consider the ramifications of tomorrow. Cyber security issues uncovered through due diligence during a merger or acquisition can often end up being a deal breaker or price cutter, as CSO/Australia reports.
Meanwhile, according to the 2016 Financial Industry Cybersecurity Report, the U.S. commercial bank with the lowest security posture is one of the top 10 largest financial service organizations. And several malware families were found at 75 percent of the top 20 U.S. commercial banks.
One effort, reported by Fortune and led by a former hacker, aims to devise a security ratings system for software, akin to a nutritional label. This will help customers, of course, but what about the sellers of that software? Companies in the business of selling software or other technology need to think about what they can do during the design and deployment phases.
Those who are users of that software or technology also have a responsibility: to have reflexive and responsive protections in place, from a visibility and security standpoint. It’s what ensures the integrity and value of your company—to customers, partners, employees, investors, and others.
For tight security, organizations need to take a holistic approach with a 360° view. When you move out of the defensive-reactive posture, it makes all the difference. And that means thinking about security from the manufacturer’s view, as well. This is why Ixia creates technology that spans end to end: from development to deployment.
Ixia test solutions help manufacturers test their technology to ensure it is bug-free and that it will perform as promised. On the customer side, Ixia test, visibility, and security solutions help businesses assess the resilience and strength of their networks and applications before deployment by emulating the type of traffic, threats, and other conditions that they typically or potentially could experience. And, in operation, the Ixia Security Fabric combines resilience and context-aware data processing to continue to secure and strengthen the infrastructure. When combined with global intelligence, such as what the Ixia Application and Threat Intelligence Research Center feeds into the fabric, the entire infrastructure is bolstered.
Learn more about Ixia’s Security Architecture and how test, visibility, and security can help strengthen sellers’—and buyers’—security.