An annual physical exam is part of a good preventive healthcare plan, helping to ensure that your overall health is sound and that you are fully aware of any potential problems. An annual cybersecurity assessment provides a similarly important evaluation of your company’s network health.
Nobody is immune from the global surge in cybercrime. Relentless ransomware, phishing, identity theft and malware attacks contributed to a 600 percent increase in cybercrime last year, according to the UN Security Council. Another report finds that two-thirds of all companies worldwide have experienced at least one form of a cyberattack.
More often than not, these attacks are entirely preventable. Most aren’t even particularly sophisticated or stealthy. Very often, the most successful and damaging attacks are carried out using ready-made exploit kits designed to take advantage of a startling number of known vulnerabilities for which security patches exist.
The Patch Predicament
According to the national Common Vulnerabilities and Exposures (CVE) database, there are more than 160,000 known vulnerabilities in commonly used software and systems. Attackers exploit these vulnerabilities to get direct access to a system or a network, install malware, run code, and steal, destroy or modify sensitive data.
Patching all of these vulnerabilities has become a challenge due to the sheer volume. It’s common for vendors to issue a hundred or more patches each month. Few IT organizations have the manpower to test and implement these patches in a timely fashion. Over time, that can lead to significant gaps in their security efforts.
In a recent Ponemon Institute study, 60 percent of companies that experienced a data breach admitted that they could have prevented the attacks if they had patched known vulnerabilities. An Osterman Research report found that 64 percent of companies take weeks or months to apply newly issued security patches.
Regular network assessments conducted by a neutral third party provide valuable protection through an objective evaluation of your current security posture along with specific recommendations for closing any gaps. Additionally, seasoned security experts can help you manage the constant flow of patches by identifying your most critical information assets and most serious security flaws and then prioritize remediation efforts accordingly.
A comprehensive assessment will typically include several distinct types of tests designed to create an overall view of your environment, identify and prioritize vulnerabilities, and provide direction on remediation. Assessments often include these four phases:
- Posture assessment. This is a critical first step in any assessment, providing an overall view of your organization’s internal and external security practices. In this phase, your provider should create a complete inventory of all IT assets, including all on-premises, cloud, mobile and third-party assets, along with a detailed record of all security controls.
- IT audit. The provider will verify whether current security controls meet applicable legal, regulatory and industry security standards. In fact, many of these include provisions requiring regular assessments to show auditors that proper security controls are in place.
- Vulnerability assessment. In this phase, internal and external network scans are conducted to identify specific attack vectors such as unpatched servers and applications, configuration flaws, weak user credentials and missing or weak encryption. Vulnerabilities are ranked by risk potential, noting how they might be exploited and the damage that might result.
- Penetration test. This ethical hacking exercise involves simulated attacks on the network to demonstrate how would-be attackers might exploit vulnerabilities and what kind of damage they might cause. When finished, the assessment team will provide a detailed report about their findings.
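The posture assessment and vulnerability assessment phases above feed into the prioritization the article describes: weighting each scanner finding by the business criticality and exposure of the asset it sits on, and flagging fixes that have been available for longer than an agreed patch window. The script below is an added illustration of that ranking, not code from the original post or from Technologent; the asset inventory, the finding identifiers (EXAMPLE-000x, deliberately not real CVE numbers), the CVSS scores, the patch dates and the 30-day patch SLA are all constructed sample values.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Asset:
    """One entry from the posture-assessment inventory."""
    hostname: str
    criticality: int          # 1 (low) .. 5 (business-critical), set by the asset owner
    internet_facing: bool     # reachable from the internet (external scan) or internal only


@dataclass(frozen=True)
class Finding:
    """One entry from the vulnerability-scan results."""
    hostname: str
    vuln_id: str                    # constructed placeholder ids, not real CVE numbers
    cvss: float                     # CVSS base score 0.0 .. 10.0 as reported by the scanner
    patch_released: Optional[date]  # None when the vendor has not shipped a fix yet


# Constructed sample inventory (what a posture assessment would produce)
ASSETS = {
    a.hostname: a
    for a in [
        Asset("erp-db-01", 5, False),
        Asset("web-portal-01", 4, True),
        Asset("dev-wiki-01", 2, False),
    ]
}

# Constructed sample scan results (what a vulnerability assessment would produce)
FINDINGS = [
    Finding("erp-db-01", "EXAMPLE-0001", 9.8, date(2021, 8, 10)),
    Finding("web-portal-01", "EXAMPLE-0002", 7.5, date(2021, 10, 28)),
    Finding("web-portal-01", "EXAMPLE-0003", 5.3, None),
    Finding("dev-wiki-01", "EXAMPLE-0004", 9.1, date(2021, 6, 1)),
]

# Constructed assessment date used for all age calculations
TODAY = date(2021, 11, 11)


def risk_score(finding: Finding, asset: Asset, today: date) -> float:
    """Combine technical severity (CVSS) with business context.

    Internet-facing assets count double, and a fix that has been available
    for a long time is weighted up (capped at 180 days) so that stale patches
    rise to the top of the list.
    """
    exposure = 2.0 if asset.internet_facing else 1.0
    score = finding.cvss * asset.criticality * exposure
    if finding.patch_released is not None:
        age_days = (today - finding.patch_released).days
        score *= 1.0 + min(age_days, 180) / 180.0
    return round(score, 1)


def prioritize(findings, assets, today: date):
    """Return (score, hostname, vuln_id) tuples, highest risk first."""
    ranked = []
    for f in findings:
        asset = assets[f.hostname]
        ranked.append((risk_score(f, asset, today), f.hostname, f.vuln_id))
    return sorted(ranked, reverse=True)


def patch_backlog(findings, today: date, sla_days: int = 30):
    """Return (hostname, vuln_id, days_available) for fixes older than the SLA."""
    overdue = []
    for f in findings:
        if f.patch_released is None:
            continue  # nothing to apply yet; track as a compensating-control item instead
        age_days = (today - f.patch_released).days
        if age_days > sla_days:
            overdue.append((f.hostname, f.vuln_id, age_days))
    return overdue


if __name__ == "__main__":
    print("Remediation order:")
    for score, host, vuln in prioritize(FINDINGS, ASSETS, TODAY):
        print(f"  {score:6.1f}  {host:15}  {vuln}")
    print("Patches outside the 30-day window:")
    for host, vuln, age in patch_backlog(FINDINGS, TODAY):
        print(f"  {host:15}  {vuln}  available for {age} days")
```

Note what the ranking shows with these sample values: the 7.5-rated flaw on the internet-facing portal outranks the 9.1-rated flaw on the low-criticality internal wiki, which is exactly the effect of folding the asset inventory into the scan results rather than sorting on CVSS alone. The weights here are illustrative; in a real assessment they come from the provider's methodology and the organization's own asset classification.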
Like annual physical exams, regular security assessments can help you identify potential problems and take action to improve your network health. With cyberthreats of all kinds spreading rapidly, an assessment from the security pros at Technologent could be just what the doctor ordered. Call us to schedule a checkup.
Tags: Cybersecurity, IT Assessment
November 11, 2021