Protecting Your Brand: Penetration Testers as Brand Preservationists

For businesses, the importance of brand recognition cannot be overstated. In many ways, a company’s name and brand are the single most valuable thing it has. The value of a memorable name is as clear as the way people speak of it. For companies that create a product, service or market, or become the first to dominate it, the brand name literally becomes synonymous with the generic product or service itself.

Hi-Liter, Post-It, Wite-Out, and of course Apple all fit into this category, and we’ve only just touched on office supplies.

Case Study: Coca-Cola, The True Value in a Brand Name

The power of brand names can be so integral to a consumer that it surpasses rational thought. How many people do you know who insist only on Pepsi or Coca-Cola, despite having cheaper, generic equivalent options available? Many individuals will simply opt to pay the extra money for their preferred and, more importantly, trusted brand. This is the value of a brand. In reality, soda is just carbonated water filled with sugar and a bunch of other nominal ingredients. There really is no difference between one cola and the next, but you or some of your acquaintances might insist it tastes different. That’s a testament to what over 100 years of branding can do.

In many ways, brand recognition is the only sustainable competitive advantage for an organization. Taking our example, Coca-Cola, we can really see the value and competitive advantage of a brand name. Founded in 1886, Coca-Cola is still going strong. It’s worth mentioning that Coca-Cola’s margins are approximately 18%, with a total brand value of around $80 billion USD and climbing every year.

In contrast, Cott Corp, the producer of RC Cola, is valued at approximately $29 billion USD. After performing a little math, this puts the value of Coca-Cola’s brand name at $50 billion USD.

Some 400 years ago, Shakespeare posed the question “What’s in a name?” Well, in this case, it’s $50 billion. In other words, over 60% of Coca-Cola’s value is in its brand name. Wouldn’t every business love to have a brand name as strong as Coca-Cola? The only trouble is getting there.

Enter: The World Wide Web

If there is one thing that has challenged brand names more than any other in the past decade, it’s the World Wide Web. As evidenced by countless news stories on data breaches, brands such as Equifax, Facebook and even Google have all faced the unfortunate task of letting their customers know their personal data has been compromised.

Despite the regulatory obligations that have to be considered and the potential penalties that could be imposed for an information security breach, truthfully, it is the commercial and reputational impact of a customer data breach that should be of greatest concern to businesses.

Trust is the foundation for any brand.

Marty Neumeier, Author of The Brand Gap

A customer data breach erodes your brand’s trust model and, as evidenced above, that is just about the worst thing that can happen. Research suggests that if your organization is impacted by a data breach, 65% of your customers will think about moving their business, and 31% actually will.

Considering these critical facts, it should be clear to most IT security practitioners that one of their primary roles is protecting their organization’s sensitive and confidential information in order to protect the brand.

Here is where things get fuzzy.

According to the Ponemon Data Breach Impact Study, two out of every three IT security practitioners believe brand protection is not their responsibility. In distinct contrast, two out of every three Chief Marketing Officers believe that it is. This misalignment should be very concerning to all business owners.

If the majority of in-house “experts” that organizations employ to protect their brand do not even recognize or acknowledge the impact of their job performance, just how effective can they be?

Enter: Penetration Testers as Brand Preservationists

Among the security issues considered while developing and maintaining an organization’s brand in a digital world is the unavoidable issue of customer authentication. A distinct challenge facing most companies in their pursuit of a slick new service or application is finding solutions that not only allow customers to interact with them, but also ensure that those customers’ personal data is well protected.

If people like you, they will listen to you, but if they trust you, they will do business with you.

Zig Ziglar, Author of See You At The Top

After establishing the value of a brand, exploring the impact of a data breach on customer loyalty and lastly, recognizing that protecting customer data is imperative to brand preservation, where can an organization turn, if not to their own, in-house security professionals?

Penetration Testers.

Penetration Testers, otherwise known as Ethical Hackers, may be your organization’s best line of defense against threats to your customers’ sensitive data, and thereby, your brand.

The primary goals of a high-value penetration test are to identify vulnerabilities in an organization’s security posture, measure the compliance of its security posture, test employee awareness of security issues and ultimately assess how an organization would fare if subjected to a real-world cybersecurity threat.

Reports generated through penetration testing provide the valuable feedback an organization requires to prioritize future security investments. To succeed in their role, pen testers must understand what is happening across the entirety of an organization: its networks, applications and users.

As well as addressing information security issues relevant to new customer-facing digital services, pen testers must stay current with the ever-evolving threat landscape and new digital trends such as ‘bring your own device’ (BYOD).

While all of this may seem overwhelming, a quality penetration testing firm will have the unique ability to translate security into a language that is understandable across all levels of an organization. In order to protect the brand, an organization must understand the security threats it faces, its risk tolerance and the individual roles that employees perform when defining who should be granted access to systems and data, and under what circumstances. In order for this to happen, the information must be presented in a manner that is succinct, organized and, in terms of priority, relatively simple to implement.

When to Perform a Penetration Test

Ideally, organizations should be performing penetration testing at least annually to ensure consistent security. In addition to this, penetration tests may also be performed when an organization:

  • Adds network infrastructure or applications.

  • Makes upgrades or modifications to its application or infrastructure.

  • Establishes new office locations.

  • Applies new end-user policies.

  • Faces new regulations or laws, such as PIPEDA or GDPR.

For more information, please review our website and contact us for in-depth information on any of the items discussed here.

Packetlabs Ltd.

Our mission to continually stay on top of current threats and vulnerabilities has helped distinguish our testing from our competitors. Oftentimes, firms will try to commoditize security testing by performing automated testing (VA scans) with little benefit to the client. Our methodology only begins with automated testing. Thereafter, our extensive experience allows us to manually uncover high-risk vulnerabilities which are often missed by conventional testing methodologies.

We mandate training and continually learn and adopt new attack techniques for our clients. We are always digging deeper to uncover vulnerabilities that may have been overlooked. Our mission is to maintain the fact that not one of our clients has been breached by a vulnerability we’ve missed; we take this very seriously.
