How Can RIA Firms Afford CyberSecurity?

Network Vulnerability Scanning vs. Penetration Testing
Recent high-profile incursions into all types and sizes of corporate networks demonstrate why Penetration Testing can be a valuable tool for protecting private data. Finding the holes and weaknesses in your network protections before the bad guys do can save astronomical amounts of money as well as your firm’s reputation. However, many RIA firms still have trouble justifying the tens of thousands of dollars a comprehensive Penetration Test will cost. This is where Vulnerability Scanning comes into play.

The terms “Vulnerability Scanning” and “Penetration Testing” are frequently confused or incorrectly used interchangeably. A Vulnerability Scan identifies and reports potential vulnerabilities, whereas a Penetration Test goes beyond that by also attempting to exploit both technical and human vulnerabilities in order to determine if unauthorized network access is possible.

A Decision Each RIA Must Face
For a fraction of the cost of a Penetration Test, a Vulnerability Scan can be run on your network to provide a detailed vulnerability report including recommendations on how to fix the problems that have been uncovered. While Penetration Testing is ultimately a more thorough test of your protections, a well-run vulnerability assessment can be a good choice if executed by personnel trained in the specific tool utilized. Further, your systems can be evaluated quarterly or monthly and still cost less than one Penetration Test. Each RIA must balance testing frequency and comprehensiveness against cost and cybersecurity risk.

The bottom line is that it is critical to regularly evaluate your security to ensure you keep your personnel, firm and client data secure. If you can afford regular Penetration Testing to accomplish this, great. If that is outside your means, scheduled vulnerability scans performed by a reputable firm are a good choice to consider.

David Gemma is UNAPEN's CMO and Head of New Business Development and Ken Rode is the Director of IT. UNAPEN, Inc. is a nationally recognized consulting and software development firm that provides software and technical consulting to the financial services industry. Visit his website at or follow on twitter @UNAPEN. You can email David at:
