A huge hacking attack occurred at Capital One Bank last month, affecting 106 million users. Their confidential data was exposed, including names, email addresses, dates of birth, income, Social Security numbers and bank account numbers. The event has reportedly been one of the biggest cybersecurity breaches of late.
Even though the company's spokesperson stressed that keeping customer information safe was their chief goal, the breach hardly reflected any real effort to implement safeguards. In an industry as sensitive as finance, security lapses like these can cause irreparable damage to a business's reputation. Undoing the damage from this hack is estimated to cost the business $100-150 million.
Capital One staff were already wary before the hack took place, yet they were powerless to prevent it. What caused the hack? The security team was short of staff, and defense software could not be properly installed. The flaws in the system could not be traced in time. Hackers leaped at the opportunity.
The alleged hacker targeted 30 other companies, which goes to show the increasing risks attached to software security, especially for banks, as they are the favorite hunting grounds for mischievous hackers.
Had the credit card issuer taken greater care in configuring the firewall used to protect the system, the attack could have been avoided. Had the company handed its testing to a third party at the right time, it could have secured its platforms before landing in trouble.
Capital One could have invested in high-quality software test management tools and continued to work well even with limited manpower. A shift from a system that was overly reliant on staff to a more automated system could have saved the company millions. Test management tools offer many benefits. Test case environments are easily managed. Test cases are traceable. Graphic reports can be obtained. Various versions of tests can be run. Test scheduling is automated. Manual tests can be run. Defect capturing is automated from failed test cases. Integrated tools can be used together.
Alternatively, they would have benefited from outsourcing their testing needs to a reliable software testing company, which would have applied effective tools and expertise to securing the company's software.
Security testing is a standard part of any software testing process. For the financial industry, security testing is paramount, as we learn from the Capital One example. Security testing for banking software means checking all its components regularly. Testers check that the basic configuration is in place and add new test cases to the system as security concerns evolve. Security testing involves identifying vulnerabilities in the network infrastructure and flaws in the operating systems, database systems and other software the bank depends on. The applications are tested on both the client side and the server side. This ensures that the client's browser cannot be manipulated and that no unauthorized intrusion takes place on the server code.
The Capital One fiasco should hopefully guide the financial industry in the correct direction regarding software security testing. Financial firms must learn to take the initiative and not let security concerns drag on. They must be prompt in handling matters where large volumes of financial data are involved. They will have to figure out the precise needs of their banking software, install upgrades, ensure the system is up to date and have a backup plan in the event of a crisis or unexpected failure.