LOUISVILLE, KENTUCKY
ATLANTA, GEORGIA
CHICAGO, ILLINOIS
CINCINNATI, OHIO
DENVER, COLORADO
MADISON, WISCONSIN
RARITAN, NEW JERSEY
TORONTO, ONTARIO
NOIDA, INDIA
HYDERABAD, INDIA

V-Soft's Corporate Headquarters

101 Bullitt Lane, Suite #205
Louisville, KY 40222

502.425.8425
TOLL FREE: 844.425.8425
FAX: 502.412.5869

Denver, Colorado

6400 South Fiddlers Green Circle Suite #1150
Greenwood Village, CO 80111

TOLL FREE: 844.425.8425

Chicago, Illinois

208 N. Green Street, #302, Chicago, IL 60607

TOLL FREE: 844.425.8425

Madison, Wisconsin

2810 Crossroads Drive, Ste. 4000
Madison, WI 53718

TOLL FREE: 844.425.8425

Atlanta, Georgia

1255 Peachtree Parkway Suite #4201
Cumming, GA 30041

TOLL FREE: 844.425.8425

Cincinnati, Ohio

Spectrum Office Tower 11260
Chester Road Suite 350
Cincinnati, OH 45246

Phone: 513.771.0050

Raritan, New Jersey

216 Route 206 Suite 22 Hillsborough Raritan, NJ 08844

Phone: 513.771.0050

Toronto, Canada

1 St. Clair Ave W Suite #902, Toronto, Ontario, M4V 1K6

Phone: 416.663.0900

Hyderabad, India

Incor 9, 3rd Floor, Kavuri Hills
Madhapur, Hyderabad – 500033 India

PHONE: 040-48482789

Noida, India

H-110 - Sector 63 ,
NOIDA , Gautham Budh Nagar ,
UP – 201301

Does My Business Need a Vulnerability Assessment?

IT research firm Gartner predicts that more than 30 percent of Global 2000 companies will be compromised by the year 2020. As organizations become more and more reliant on the Internet to do business, the threat of data breaches and cyber attacks grows exponentially. Is your business safe from malicious hackers? Should you have your business assessed for potential vulnerabilities?

What is a Vulnerability Analysis?

A vulnerability assessment, also known as vulnerability analysis, is a process used to locate and identify any security-level defects (vulnerabilities) in a network or infrastructure. Vulnerability assessments help businesses pinpoint any vulnerabilities (such as coding bugs, security holes, etc.) before they have the chance to be compromised.

The primary goals of a vulnerability assessment are to identify these vulnerabilities, document them, report them to the organization, and provide details on how to resolve the issues.

According to TechTarget.com, vulnerability analysis consists of several steps:

  • Defining and classifying network or system resources
  • Assigning relative levels of importance to the resources
  • Identifying potential threats to each resource
  • Developing a strategy to deal with the most serious potential problems first
  • Defining and implementing ways to minimize the consequences if an attack occurs.

Today's Biggest Security Threats

While the types of security threats vary from industry to industry, there are some of which that are more significant than others. Reports say that of all compromises, 81.9% of them happen in minutes and 67.8% of exfiltration (removal of data) lasts several days. Some of the most well-known compromises involve large-scale, household names:

  • Equifax - an outdated Apache Open Source code provided hackers easy access to millions of customers' records
  • CCleaner - Hackers took advantage of a cyber security weakness to plant their malware into the base download of CCleaner, causing millions of computers to become infected
  • Yahoo! - Not once, but twice. The first breach involved over 500 million user accounts being compromised, followed subsequently by another report that over one billion Yahoo! accounts were stolen. This primarily was due to lax security policies.

It goes to show that not even the biggest players are safe from malicious intent. Companies from all across the board are at risk for having information stolen. These are the most common to SMBs:

Ransomeware/Cryptoware

By now, most people in the IT industry are familiar with ransomware. WannaCry's attack in May 2017 targeted computers that ran Windows, encrypting as many files as possible in a short amount of time. WannaCry infected over 230,000 computers worldwide in less than a day.

But what is ransomware? It's when cryptoware gets into your computer's system and encrypts your data. Once the encryption has been completed it will then display a ransom note telling the user to pay a certain amount, usually via bitcoin to decrypt their files. Unfortunately, there are no valid reports of users regaining their data after it had been encrypted by WannaCry.

Ransomware is more about manipulating vulnerabilities in human psychology than the adversary's technological sophistication.” 

 James Scott

Scams

We don't mean the Nigerian prince looking to send you an inheritance of a million dollars, either. Scams are still alive and well, the scammers themselves becoming quite sophisticated in their methods. They are now spoofing e-mail addresses of those that you know and trust - for example, the CEO of your company or HR representative - asking for your assistance.

  • Employees of companies have seen emails that appeared to have been sent from their HR departments asking for them to send their W2s to them. Those scammers then use the employee's W2 to submit fraudulent tax returns in order to obtain their refunds.
  • Managers or accounting staff have reported receiving strange requests from executives asking for money to be wired to a bank account post-haste. They will transfer the money only to find out that it was someone impersonating the executive in question. Companies have lost hundreds of thousands of dollars with this scam.

cyber security risks

How to Perform a Vulnerability Assessment

The first step in vulnerability management is to be aware of what your risks are. Do you maintain a list of bank accounts of your customers? What about social security numbers for your employees? A top secret recipe? Take some time to assess your organization, what it has for security protocols, and what you could potentially lose in the event of a malicious attack. After that, list them in an order of criticality - which ones would impact your business most if they were compromised.

Other things that you should identify:

  • All programs that are being run on each and every asset your company owns -- If your company participates in BYoD, ensure that each employee's device is equally secure
  • Notate all of the hardware - servers, computers, mobile devices, et cetera - that contains business information, documenting model number, serial number, and other pertinent information
  • Ensure that there is a thorough documentation of your network's infrastructure and which applications/devices are connected to it at any given time
  • Keep antivirus, malware, and firewalls up-to-date and perform regular scans

Of course, this is not an exhaustive list of the necessary steps to keep your business' information safe - it is simply a guide to help you get started. Are you unsure of how to perform a vulnerability assessment? V-Soft Consulting is willing to help. Reach out to our experienced cyber security experts for a no-pressure, no-risk consultation to discuss what kind of data you need to protect and what methods would be best to guard it.

New Call-to-action

Topics: Business, Technology, Security, Managed Services, Cyber Security

Get tech and IT industry Updates

Cyber Security Assessment