What is a Vulnerability Assessment?
A vulnerability assessment is a systematic process for identifying, classifying, and prioritizing risks, potential threats, and vulnerabilities in computer systems, networks, hardware, applications, and other parts of your IT infrastructure. Vulnerability assessments are essential in order to locate the systems that may be susceptible to known vulnerabilities, assign severity levels to those vulnerabilities, and then recommend possible remediation or mitigation techniques.
Types of Vulnerability Assessments
There are several different types of vulnerability assessments that can be performed in order to strengthen your IT systems and infrastructure:
- Host-based Assessment – used to identify vulnerabilities in servers, workstations and other networked hosts. This type of scan offers greater visibility into the configuration settings and patch history of the scanned systems.
- Network and Wireless Assessment – identifies policies and practices to prevent unauthorized access to private or public networks and networked resources.
- Database Assessment – databases and big data systems are evaluated for weak points and misconfigurations, insecure dev or test environments are identified, and sensitive data is classified across an organization's IT systems and infrastructure in order to prevent malicious attacks.
- Application Assessment – used to identify security vulnerabilities and misconfigurations in software and in web application front-end source code.
Threats that can be prevented by vulnerability assessment
Some examples of the types of threats that can be mitigated by a vulnerability assessment:
- Code Injection Attacks (SQL Injection, XSS attacks)
- Insecure, faulty authentication mechanisms
- Possible privilege escalation
- Factory defaults: most software and hardware ships with insecure default settings, such as admin passwords that are easily discoverable online.
2019 saw the highest number of ransomware attacks ever, according to the Emsisoft report. Ransomware attacks hit at least 966 government agencies, educational establishments and healthcare providers. To be more specific:
- 113 state and municipal governments and agencies
- 764 healthcare providers
- 89 universities, colleges and school districts.
This means that up to 1,233 individual schools were affected.
Source: https://www.cpomagazine.com/cyber-security/ransomware-costs-in-2019/
Do I need a vulnerability assessment?
Ransomware, data breaches, phishing, COVID-19 scams: as technology changes, so do the tactics, techniques, and procedures of the hackers. The threat landscape is constantly changing along with the pace of technology itself. The threats and risks of 2019 may not be the same ones we’ve seen thus far in 2020, or the ones we will see in the upcoming year.
With more than 5 billion records compromised in 2019, breaches cost US organizations more than $1.2 trillion.
Source: https://www.techrepublic.com/article/data-breaches-cost-us-companies-more-than-1-2-trillion-lastyear/#:~:text=With%20more%20than%205%20billion,organizations%20more%20than%20%241.2%20trillion.
- The average ransomware fee paid out in 2019 was $111,605, with 205,280 organizations affected by ransomware in 2019.
- New risks, threats, vulnerabilities, and exploits are being discovered and targeted by hackers every day.
- Without an assessment, IT management and stakeholders are left guessing as to how to best spend budgeted resources. IT budgets are limited; knowing which assets to protect ensures that focus can be put on protecting the most business-critical systems.
- Many government contractors are required to have a vulnerability assessment done in order to remain compliant with government regulations.
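As an added example (not SME's code or part of the original post) of the identify, classify, and prioritize cycle described at the top of this page, the script below matches a constructed asset inventory against a constructed vulnerability catalog with placeholder identifiers, bands each score into a severity level, and ranks findings by severity weighted by the host's business criticality, as the budgeting point above suggests. All hosts, versions, scores, and vulnerability IDs are assumptions made up for the illustration.

```python
# Constructed asset inventory: hostname, installed software versions,
# and an assumed business criticality from 1 (low) to 5 (critical).
ASSETS = [
    {"host": "web-01", "software": {"webapp": "2.3.0", "openssh": "8.2"}, "criticality": 5},
    {"host": "dev-db", "software": {"dbserver": "11.0", "openssh": "7.4"}, "criticality": 2},
    {"host": "ws-17", "software": {"officesuite": "2016"}, "criticality": 1},
]

# Constructed vulnerability catalog. IDs are placeholders, not real CVEs;
# each entry names the affected software, vulnerable versions, a CVSS-style
# base score, and the recommended remediation.
CATALOG = [
    {"id": "VULN-EXAMPLE-1", "software": "openssh", "vulnerable": {"7.4"}, "score": 9.8, "fix": "upgrade to 8.x"},
    {"id": "VULN-EXAMPLE-2", "software": "webapp", "vulnerable": {"2.3.0"}, "score": 6.1, "fix": "apply vendor patch"},
    {"id": "VULN-EXAMPLE-3", "software": "dbserver", "vulnerable": {"11.0"}, "score": 4.3, "fix": "disable default account"},
]


def severity(score: float) -> str:
    """Band a CVSS-style base score into the usual qualitative severity levels."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def assess(assets, catalog):
    """Identify: match each host's software versions against the catalog.
    Classify: band the score. Prioritize: weight by asset criticality."""
    findings = []
    for asset in assets:
        for vuln in catalog:
            version = asset["software"].get(vuln["software"])
            if version in vuln["vulnerable"]:
                findings.append({
                    "host": asset["host"], "id": vuln["id"],
                    "severity": severity(vuln["score"]),
                    # risk = technical severity x business importance of the host
                    "risk": round(vuln["score"] * asset["criticality"], 1),
                    "remediation": vuln["fix"],
                })
    return sorted(findings, key=lambda f: f["risk"], reverse=True)


if __name__ == "__main__":
    for f in assess(ASSETS, CATALOG):
        print(f"{f['host']:8} {f['id']:16} {f['severity']:8} risk={f['risk']:5} -> {f['remediation']}")
```

Note that the Medium finding on the business-critical web host outranks the Critical finding on the low-criticality dev box, which is exactly the ordering a budget-constrained remediation plan needs.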
How often do I need a vulnerability assessment?
Many are under the impression that a vulnerability assessment should be done annually; however, a vulnerability assessment is only a snapshot of that specific point in time, and it leaves the 365 days until the next assessment without any knowledge of new vulnerabilities that may exist internally or externally.
The threat landscape is continuously changing, with new threats appearing almost daily. Continuous vulnerability assessments are crucial in order to keep systems as secure as possible.
Here at SME, we provide all types of comprehensive vulnerability assessments and vulnerability management, depending on your needs. These assessments range from annual, quarterly, and monthly assessments to continuous vulnerability management. Our services can be tailored to your needs and budget!
To find out more about our vulnerability assessment and vulnerability management services, or any other IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.