As the inimitable Mike Tyson once said, “Everybody has a plan, until they get punched in the mouth”, and as we often say in infosec “it’s not if, but when” - someone will try and sock a punch in your direction at some point.
That’s to say you will at some stage in your business journey be subject to an attempted attack. So how prepared is your online marketplace to weather the storm of a potential cyber attack or data breach?
There are numerous decisions along the way that you can take as founders and managers to help you stand a fighting chance when it comes to resilience in the face of inevitable cyber risk.
Choosing between a third-party or custom-built platform is one of those choices. Are there decisions you can take here that will help you to minimise or remediate risk?
The answer might not be as straightforward or obvious as you may think.
Third Party vs Custom Builds – A Security Perspective
A third-party platform does come with some inbuilt security guarantees. As friends of the Marketplace Risk community, we at Azacus.io conducted a cyber risk assessment of the brilliant Marketplace Risk core web and mobile application on their third-party platform.
Although there were no critical or high vulnerabilities to note, there were a few lower criticality risks still present that it was important for the team to be aware of. It was still valuable to have an assessment conducted that will contribute to cyber risk awareness and management.
Although third-party applications are generally reliable security-wise, it can’t always be assured that one is entirely without vulnerabilities, often because of things like shared infrastructure or out-of-date plugins.
The other compromise with third-party platforms is that you are always going to be limited in functionality to what the application can offer you. If ground-breaking features and disruptive tech are your bag, a custom application is likely more what you will need.
However, with great creativity comes great responsibility.
Custom builds are a big endeavour, and we can’t emphasize enough the importance of integrated security testing from the outset. Even the most securely designed and built applications will have vulnerabilities that can likely be exploited with surprising implications.
Say what about security testing?
Many of you will have heard of and perhaps considered pentesting.
Pentesting is the manual process of attempting to breach a system’s security using the same tools and techniques an adversary might. In other words, it’s a contracted, controlled, scheduled cyber attack against your systems, divulging areas of vulnerability and potential business impacts, along with remedial recommendations.
Marketplace Risk rockstars Tutti.space were kind enough to allow us to showcase some of the hair-raising hacks we were able to perform on their fantastic custom build that provides technical solutions for the creative industries. In a first-of-its-kind session, we’ll be sharing details of these findings at the 2023 Marketplace Risk Management Conference in San Francisco on May 18th.
Custom features can doubtless give you a competitive advantage and provide the flexibility you need to get ahead in your field, but, when assessed and utilised properly, they will also allow for a robust cyber risk management strategy, designed specifically around your business and your unique risks.
Fundamentally, a pentest report will play a founding role in this critically important piece of risk-related work.
Hear it from the hackers…
To find out more, join us at the Marketplace Risk Management Conference in San Francisco from May 16-18, 2023. Don't miss our session, "Hack to the Future: What I Wish I'd Known About Pentesting" on Thursday, May 18, 1:45 PM - 2:15 PM in Room A. Learn how a well-timed pentest can strengthen your marketplace's security and help you make informed decisions for your business.