- Penetration Testing Important, but…
- Social Engineering and Poor Patching Responsible for Over 90% of Cybersecurity Problems
- Breach Incidence and Costs On the Rise Again + 5 Ways to Reduce Your Risk
- Cybersecurity Insurance Policies Require Security Audits and Pen Testing
- Wireless strategies for business continuity gain importance as enterprise expand IoT, cloud, and other technologies
- How Cybercrooks are Targeting YOU
- Enabling Digital Transformation with Cisco SD-WAN
- WFH Post Pandemic – What It Will Look Like. What You’ll Need.
- Leaders to looking to the IoT to improve efficiency and resiliency
- Cyber Security Vernacular – Well, some of it, for now
- Why You Need Disaster Recovery, NOT Just Back-Ups
- 10 Reasons Why Having an Expert Manage Your Cybersecurity Makes Sense and Saves Dollars
- Converting CapEx IT Investments into Manageable OpEx
- The Hybrid Workplace – Planning the Next Phase
- Cisco Cloud Calling: Empowering Customers to Thrive with Hybrid Work
- When You Can’t Access the Cloud
- How to Keep On Keeping On
- New Cisco Research Reveals Collaboration, Cloud and Security are IT’s Top Challenges
- Threats from Within on the Rise
- Cloud Covered? If Not, Take Cover!
- Zero Trust and Forrester Wave Report
- Password Based Cyber Attack: Like Leaving Keys Under Doormats
- So, What’s Up With Sensors?
- Sensors and Systems Create a Digital “Last Mile” and Help Skyrocketing Costs
- Scanners Provide Peace of Mind for Returning Students and Workers
- Sensors Improve Operations and Bottom Line… Easily and Cost-Affordably.
- Cisco Meraki Looks at 2021
- 2020 Holiday Shopping: Cybersecurity and Other Tips to Safeguard Wallets and Systems
- How to make the most of the technology you have
- Personnel, Planet and Business Progress: More Interdependent Than Ever Before
- Sure… you can get them all in the boat – but can you get them to work well together?
- Pushing the Zero Trust Envelope – Cisco is Named a Leader in the 2020 Forrester Zero Trust Wave
- Cloud Data Must be Protected, Too!
- Don’t Let Anyone Get the Dirt on You – Make It Instead!
- How IoT Devices Can Help You and Your business
- WebEx – A World of Possibility
- Creating Your Breach Response Plan Now Will Save You Thousands Down The Road
- Been hacked? Here’s what you must do next.
- The Need for Pen Testing is At an All-Time High
- 5 Ways an IT Reseller Improves Your Performance and Peace-of-Mind
- 5G and Wi-Fi 6: Faster, more flexible, and future ready. Are you?
- Network and Data Security for Returning and Remote Workers + Disaster Recovery Symposium
- Collaboration and Cisco WebEx: Protecting Your Data
- Thursday’s Virtual Conference Tackles Today’s Supply Chain Trials and Tribulations
- 10 Tips to Reduce Cloud Storage Risk
- COVID-19 Crisis Fuelling IT Spending
- Supply Chain/Logistics Experts Share Their Expertise
- Cisco Breach Defence Overview
- Announcing Our New Website and Blog
Cybersecurity is something we write a lot about because it is a huge concern for organisations of all sizes and types. One small piece of malware has potential to take down an entire network – even if it only takes seconds for the trojan, worm, virus or other “nasty” to be detected and remediated.
There’s no question that having strong firewalls to guard your cloud and network, as well as endpoint protection on all devices, is critical. As is having strong breach defence plans and expert remediation teams on stand-by.
We’ve also stressed the importance of doing penetration testing to identify where you may be vulnerable. As you read the next few paragraphs, please keep in mind that we believe penetration testing and security audits are an important part of your network care. An absolute necessity – and not just for insurance compliance reasons.
Sometimes the company uses its internal hacking Red Team to ferret out vulnerabilities. These Red Teams will always get in as they are already familiar with your environment and its vulnerabilities. As with any good security auditing/penetration testing firm, they’ll give you a list of what needs to be fixed – but not everything will truly put your firm at risk.
Usually, there are three or four areas of true vulnerability for your firm. When you consider that of the 18,108 threats identified globally last year, less than 2% actually infected organisations in the real world. That doesn’t mean they didn’t do a lot of damage – simply that not all threats materialized.
To take care of everything immediately can be time and budget-consuming. After you have done the penetration testing and security audits (using your own internal Red Teams or an outside security firm), it is recommended that you tackle the vulnerabilities in the following order of decreasing importance:
- Any threat vectors or exploits that are currently in play because they have been successful in penetrating your network.
- Any threat vectors that are likely to be used successfully against you in the future – and this is something your security specialists will be able to let you know.
- Any threat vectors or exploits that have been successfully used against you at any point in the past. Once the hacker or bot gets in somewhere, that vulnerability is targeted over and over.
- New “In the Wild” malware. ITW is a term used to differentiate between malware that has actually infected real people’s machines versus the type of threats that are primarily created through Red Team exercises – also things that only “exist in the zoo”, hence the ITW term.
- Recently announced patches because these are likely to be exploited as soon as possible by bad actors.
- Currently active exploits that are in the public domain. You’ll know – they’re likely in the news, too. – These are typically viruses that have been around a while and keep coming back, just like that regular flu.
You need to consider the risk in proportion to the vulnerability, rather than treating every defence concern equally. In short, you need to determine which of the vulnerabilities represent a true hole that can be exploited by real-world attackers and close that gap immediately.
Today’s organisations are stretched so thin, and threat vectors are evolving so quickly, that many are unable to make a determination on their own. Even if you can do everything else in the house, it often pays to have a third party to this portion of the assessment for you.
To learn more about Security assessment, penetration testing – or see if Security as a Managed Service is a good option for you – please contact us at [email protected] or (416) 429-0796 or 1.877.238.9944 (Toll Free).