How Often Should Vulnerability Assessments Be Performed?

"Cyber-crime is the greatest threat to every company in the world."

Those are the words of IBM's Chairman, President, and CEO, Ginni Rometty, in 2015. Since then, the threats to corporate cybersecurity have increased:

  • The potential cost of cyber-crime internationally is $500 billion a year
  • Data breaches will cost the average company more than $3.5 billion
  • Ransomware attacks grew by 36% in 2017
  • 1 in every 131 emails contains malware
  • 43% of cyber-attacks target small businesses
  • 230,000 new malware threats are produced every day

Today, almost everything is connected to the Internet, which can be a dangerous place. Within any organization, employees are using email, remote access, and the internet on a daily basis, opening the door for a potential cyber breach at any moment. And it's nearly impossible to monitor and manage every point of entry within your network.

"I don't know that much about cyber (attacks), but I do think that's the number one problem with mankind," said Warren Buffet, Berkshire Hathaway CEO, at an investor meeting, where he suggested that cyber attacks are a more dangerous and imminent threat than nuclear, biological or chemical warfare.

An effective way to mitigate the impact of a potential cyber threat is to establish organizational policies related to regular vulnerability assessments, which will provide the company with insights into where it can improve its cybersecurity efforts.

Performing Proper Vulnerability Assessments

An organization should scan its network at least once a month to address any potential vulnerabilities. A network scan should include all devices with an IP address, such as desktops, laptops, printers, routers, switches, hubs, servers, wired and wireless networks, and firewalls. Multi-function printers, like copy machines, that have an IP address or are connected to the internal network should also be included in the assessment.

You will want to check for missing software patches and updates and confirm that no changes have been made to your network. Many of the most significant hacks have exploited vulnerabilities left open when software wasn't updated. The recent hack at Equifax, one of the world's top credit reporting agencies, occurred because it hadn't fixed a known security flaw with a patch that was made available months earlier.
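
The monthly scan cadence and the check for network changes described above can be tracked with a short script. This is an added example, not part of the original article; the asset inventory, scan results, function names and the 31-day threshold are constructed assumptions.

```python
from datetime import date

MAX_SCAN_AGE_DAYS = 31  # assumption: "at least once a month" read as 31 days

# Constructed sample data: asset inventory with the date of each asset's last scan.
INVENTORY = {
    "10.0.0.1":  {"type": "firewall", "last_scan": date(2024, 5, 28)},
    "10.0.0.10": {"type": "server",   "last_scan": date(2024, 5, 28)},
    "10.0.0.42": {"type": "printer",  "last_scan": date(2024, 3, 2)},
    "10.0.0.77": {"type": "laptop",   "last_scan": None},  # never scanned
}

# Constructed scan results: IP address -> set of open TCP ports.
BASELINE = {"10.0.0.1": {443}, "10.0.0.10": {22, 443}, "10.0.0.42": {9100}}
CURRENT = {"10.0.0.1": {443}, "10.0.0.10": {22, 443, 3389}, "10.0.0.99": {80}}


def overdue_assets(inventory, today, max_age=MAX_SCAN_AGE_DAYS):
    """Return sorted IPs never scanned or last scanned more than max_age days ago."""
    late = []
    for ip, asset in inventory.items():
        last = asset["last_scan"]
        if last is None or (today - last).days > max_age:
            late.append(ip)
    return sorted(late)


def diff_scans(baseline, current):
    """Compare two scans and report what changed on the network since the baseline."""
    changes = {
        "new_hosts": sorted(set(current) - set(baseline)),
        "missing_hosts": sorted(set(baseline) - set(current)),
        "port_changes": {},
    }
    for ip in set(baseline) & set(current):
        opened = current[ip] - baseline[ip]
        closed = baseline[ip] - current[ip]
        if opened or closed:
            changes["port_changes"][ip] = {"opened": sorted(opened), "closed": sorted(closed)}
    return changes


def unknown_hosts(inventory, current):
    """Hosts that answered the scan but are absent from the asset inventory."""
    return sorted(set(current) - set(inventory))


if __name__ == "__main__":
    today = date(2024, 6, 10)  # constructed "today" so the output is reproducible
    print("overdue:", overdue_assets(INVENTORY, today))
    print("changes:", diff_scans(BASELINE, CURRENT))
    print("not in inventory:", unknown_hosts(INVENTORY, CURRENT))
```

Any host reported as overdue, new, or missing from the inventory is a gap in the "all devices with an IP address" coverage and should be investigated before the next scheduled scan.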

Disaster Recovery Plan

At the same time, you want to make sure you have a disaster recovery plan in place. This includes what to do if your assessment reveals a vulnerability (or an actual breach), or if malware, ransomware, or a virus has managed to infect your systems.

Consider Getting Outside Help

It's not enough to run automated scans and do periodic testing. Are you also performing penetration testing, vulnerability assessments, security audits, and code reviews? If you want to maximize your protection against cybersecurity threats, you may need to consider bringing in professionals to help you monitor and maintain your system. Performing a complete analysis of your systems can provide your organization with the protection it needs to keep proprietary data safe and ensure disruptions to your day-to-day business are minimized.

Any solution starts with a conversation. Our team is ready to discuss your projects, immediate security concerns and confidential actions. We are looking forward to hearing from you.

Let's discuss your security needs

If it's an emergency, call us now – 305-423-7132