We secure and protect multiple businesses.

But different businesses have different characteristics and face different kinds of threats, with different motivations behind them. That’s why their security needs also vary significantly from one business to another and, especially, from one industry to another.

Below you will find general industry-specific guidance on recommended ASVS levels. If you need more information regarding your industry or your specific business security needs, contact us and let us help you learn more.

Keep in mind that ASVS Level 1 is highly recommended for all businesses, regardless of industry, for all network-accessible applications.

Finance & Insurance

The threat you are facing

Banks, credit unions, stock brokerages, insurance companies and other such businesses are considered a major target by both opportunistic attackers and determined, organized and highly skilled ones. In an industry where reputation and trust are essential, cyber-attacks that continuously increase in number and sophistication cause even greater damage.

The goals of these attackers commonly revolve around accessing sensitive data or account credentials that can be used to commit fraud, or around leveraging money movement functionality built into applications in order to benefit from it directly. Their techniques often include stolen credentials, application-level attacks and social engineering.

What you can do

Consider ASVS Level 2

For applications that contain sensitive information, like credit card numbers and personal information, and/or applications that can move limited amounts of money in limited ways.

Consider ASVS Level 3

For applications that contain large amounts of sensitive information, applications that allow rapid transfers of large sums of money and/or transfers of large sums of money in the form of individual transactions or as a batch of smaller transfers.

Technology & Infrastructure

The threat you are facing

Organizations in the industries of manufacturing, technology, transportation, utilities, infrastructure and defence may seem to have little in common, but they are all likely targets of focused attacks that take more time, skills and resources.

These attacks are carried out with the goal of gaining access to intellectual property for strategic or technological advantage, or to sensitive data that can be used for direct or indirect profit. Because this sensitive information is not easy to locate, attacks will often involve social engineering techniques, leveraging insiders, outsiders or collusion between the two.

What you can do

Consider ASVS Level 2

For applications containing internal information or information about employees that may be leveraged in social engineering, as well as applications containing nonessential but important intellectual property or trade secrets.

Consider ASVS Level 3

For applications containing valuable intellectual property, trade secrets or secrets that are critical to the survival of the organization, as well as applications controlling sensitive functionality or that have the possibility of threatening safety.

Retail, Food & Hospitality

The threat you are facing

With omni-channel shopping, new payment technologies and an evolving digital landscape, retailers represent attractive targets for cyber criminals and cannot afford to ignore security issues.

Aside from opportunistic “smash and grab” tactics, specific attacks on applications that contain payment information, perform financial transactions or store personally identifiable information are also common. Intelligence and intellectual property can also be targeted through advanced attacks in order to gain various advantages.

What you can do

Consider ASVS Level 2

For business applications and/or applications that contain product catalogue information, internal corporate information, limited user information, small or moderate amounts of payment data or checkout functionality.

Consider ASVS Level 3

For Payment and Point of Sale systems that contain large amounts of transaction data that could be used to commit fraud (including their administrative interfaces) and applications with a large volume of sensitive information.