Know Thyself: Why Your Organization Needs a Vulnerability Assessment
Today more than ever, companies rely upon online resources and digital infrastructure to do business.
It is no longer enough to merely have an online presence that will draw traffic to the doors of one’s business, both virtual and physical. Now most companies need to have online resources available so that their employees can conduct their work remotely. This is particularly relevant now in our virus-stricken society. But providing services comes with a cost: beyond the upfront cost of standing up the system and the expense of whatever service it provides, consideration must be given to the security risk it presents. Olenick has the tools to reduce these risks and keep your environments secure.
There is a balance between usability and security. Every service offered also represents a potential vulnerability that could be exploited, much like putting a door in a wall – a useful feature – leaves open the possibility that the wrong people will go through it. Most businesses have procedures to try to prevent this sort of intrusion, giving out the keys to only those people who should be accessing the resources. But a lock can be picked, and by its nature the Internet removes most considerations of distance. A vulnerable system online can see uninvited visitors from a hundred different countries within a day, and over the years the environment has become increasingly hostile. Any system that is connected to the Internet will be scanned in some fashion by those looking to exploit it within an hour of coming online.
It is a truism that nothing online is ever 100% secure, but then, absolute security is not really a requirement. Those who profit by exploiting other people’s businesses are not usually looking for a challenge. They seek easy targets with the potential for large returns.
The essential rule of good security is: don’t be an easy target. This is where the vulnerability scan becomes essential.
A vulnerability scan differs from a penetration test in terms of degree. If a penetration test could be likened to hiring a professional cat burglar to break into a home, then a vulnerability scan would be comparable to hiring a locksmith to take a look at the place. In practice, a vulnerability scan is much easier to perform than a full pen-test and can be accomplished in a shorter amount of time at a fraction of the cost. The result is a list of any known weaknesses in the system being analyzed along with recommended steps to mitigate any issues uncovered. By following the recommendations of the vulnerability assessment, a system (or systems) can be hardened so that no known weaknesses are presented to the outside world. Such a target has no appeal to those who prowl the network looking for the weak links.
Some companies will always be targets for one reason or another, especially those that work on politically sensitive topics or process significant amounts of financial transactions. For those businesses, a true penetration test is highly recommended, but any organization that connects to the Internet owes it to itself to at least do a vulnerability assessment. Most of the data breaches of the last decade could have been prevented by simply disabling an unused service or applying a needed security patch. Negligence, more than anything, leads to vulnerable infrastructure. A proactive approach to security is the best treatment for this condition, and that begins with identifying the problems.
Contact Olenick about performing a vulnerability scan and become a hard target.