Hunger for data
Hackers are always hungry for access to treasure, and that treasure is data: data they can sell to your competitors or use for their own purposes. They are constantly on patrol, and big organizations are their targets, because a breach there makes big news and also yields the customers' data. Take retail giants like Amazon, Wal-Mart, Tesco and others. Millions of records are stored in their databases, and security is crucial for these giants. There is no such word as "compromise" in this context. If you are compromising, it is equivalent to being negligent, or to compromising your customers' privacy. So, if hackers are hungry for data, a compromised posture is like dangling yourself as bait.
Safeguarding from the hackers
Identify vendors who have skilled hackers who can hunt for security bugs, or identify security testers in a consultant role and get them on board; if you have skilled in-house testers, that will do as well. Do not go to a vendor who just blindly runs a tool and says "these are the vulnerabilities". Agreed, a tool ran some checks and reported some vulnerabilities, but that is only what the tool is programmed for, and I personally would not call it security testing. A tool gives you some information, whereas you need skilled exploratory testers to show you the whole colony of security bugs. Security testers use different techniques and explore in many different ways depending on the application; they think about which features would make a social engineering attack the entry point for exploiting a vulnerability, and much more. You have to find a good, geeky, skilled security tester, consultant or researcher who has been in hacking for many years; not just years on paper, but extensive hands-on experience. This is one way to safeguard yourself from black hat hackers.
Attitude of (Most or Some) Dev Folks
I have personally experienced this: I reported security vulnerabilities and the development team did not fix them; however, when the report came from a third-party vendor listing the same security vulnerabilities that I had reported, they fixed them. This speaks to the attitude of taking things lightly. They fixed it because they had paid the vendor some cool money. So, this speaks to the attitude towards the product. You are working to give a good enough quality product to your customers, not to slip away from fixing these security bugs. Personal discipline is very much required, and it should be learned if it is lacking. I do not deny that I have seen developers with a good attitude and good thinking skills with respect to security bugs, but sadly they are very few, just like good testers are very few.
Crime / Robbery / Impersonation due to security bugs
You could laugh at this, but your laughter will end when you realize it is true. Just look at past incidents that happened because of security loopholes in a product, where someone got hold of a girl's confidential data and then started abusing, torturing, blackmailing or sexually harassing her, and other such evil things. Put yourself, or a family member, in the shoes of the person in that situation. What would you do? Would you sue the company? Yes, indeed. I hope I need not explain the impact any further. You must have understood it by now.
I stop here and I scream, "Are you the next victim?"