ProCircular Information Security Experts Corner

Getting Started with Vulnerability Assessments

Posted by Patrick Quinn on Dec 7, 2017 8:32:00 AM


More than 200 IT and technology leaders from hospitals, schools, and businesses in eastern Iowa came together last month at the Business Technology Conference in Coralville, Iowa – hosted by systems integration firm CEC (Communications Engineering Company) – to learn about new technology and how it can improve processes, profit, and efficiency.

Many types of technology were showcased at the event, but there were plenty of conversations about cybersecurity.

The keynote speaker, Eric O’Neill, an American former FBI counterterrorism and counterintelligence operative, shared real-life stories about how diligence, counter-espionage techniques, and restraint can help identify the numerous spies that create threat potential. (In his words, there are no “hackers” – but, instead, cunning spies that use sophisticated espionage tactics.)

As we talked to attendees, we discovered that IT leaders from organizations of all types and sizes have been noticing signs of potential exploit attempts (or “spying,” as O’Neill called it). This hasn’t resulted in anything catastrophic, thankfully, but these close calls naturally bring cybersecurity conversations to the forefront.

Another topic that seems to be on the minds of local technology professionals: “How should I get started with a cybersecurity plan?” More C-suite executives are starting to emphasize cybersecurity, and they (understandably) want to make the biggest impact possible while also ensuring a financially responsible investment.

If you’re wondering the same thing – how to get started with a cybersecurity plan – we’ll share what we told Business Technology Conference attendees last month: Vulnerability assessments are a great way to begin.

If you haven’t done one before – or even if you have, but it’s been a while – regular vulnerability assessments help you find weak spots in your network where unauthorized access may occur so that you can take action and correct problems.

After evaluating your current internal and external systems, applications, and software, a vulnerability assessment pinpoints susceptibilities or potential threats. A plan can then be established to address the critical weaknesses that expose your most valuable data and resources.

It’s recommended that you conduct vulnerability assessments regularly – at least quarterly, but more often if possible – and rotate vulnerability assessment providers every few years. Each provider offers a fresh perspective, conducting vulnerability assessments in a slightly different way while looking for slightly different things. No matter who you’re working with, it’s important to find a provider (or providers) that offers skilled staff members, the ability to conduct thorough testing, and well-documented improvement recommendations.

We like to say that investing in regular vulnerability assessments now – before an event occurs – can prevent you from having to talk to the FBI as it investigates a cyberattack on your organization. (In other words, vulnerability assessments can prevent you from facing a breach.)

When’s the last time you conducted a network vulnerability assessment? If you’re not sure – or you’ve never done one before – contact us. We’re here to help!

Topics: Cybersecurity, Data Breach, Vulnerability Assessment, Business Technology Conference