As always, with the aim of helping organizations build cyber resilience, understand what holistic cybersecurity means, and stay in business in a digital, data-driven world, this post covers what you need to know about security assessments.
First, a fact about security assessments you may find surprising. Our CEO, Mike Fitzpatrick, has spoken with about 500 CEOs over the past year, and when the topic of security assessments came up, this is what he found:
- Only seven of those 500 CEOs had conducted a security assessment. Yes, seven. That is fewer than two percent of companies who know where they stand on security in their day-to-day operations, their network, their data protection, and everything else.
Without a security assessment, a company has no visibility into its weak spots, or its strong ones. It cannot be proactive about cybersecurity, and it cannot respond effectively if a breach happens.
When you conduct a security assessment, you learn about your internal and external issues. You find out which software is missing patches, whether you have unnecessary open ports or web application vulnerabilities, where your internal network blind spots are, what the limits of your security tools are, and how an attacker could exploit unauthorized access.
A security assessment also includes a scan of your Internet-facing systems, which change continuously. Scanning on a regular basis matters because your environment can change unexpectedly: new equipment is added, a merger brings in unfamiliar systems, or downsizing leaves hosts behind that nobody owns. Regular scans give you confidence that your critical information is not exposed by an overlooked configuration or an undocumented change.
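The practical way to catch the "undocumented change" problem described above is to keep the previous external scan as a baseline and diff every new scan against it, rather than reading each scan in isolation. The following is an added example, not code from the original post or from the author's company. It parses two constructed samples in nmap's grepable (`-oG`) output format, reports new and missing hosts and newly opened or closed ports, and flags ports that, by an assumed organizational policy list (`HIGH_RISK_PORTS`), should never be reachable from the Internet. The hosts, ports and services in the samples are invented for illustration.

```python
import re

# Constructed sample of nmap -oG output for last month's external scan (not a real scan).
BASELINE_SCAN = """\
# Nmap 7.94 scan initiated (constructed sample, not a real scan)
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 203.0.113.11 ()\tStatus: Up
Host: 203.0.113.11 ()\tPorts: 443/open/tcp//https///\tIgnored State: closed (999)
# Nmap done
"""

# Constructed sample of this month's scan: one host vanished, one appeared, and RDP opened up.
CURRENT_SCAN = """\
# Nmap 7.94 scan initiated (constructed sample, not a real scan)
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)
Host: 203.0.113.12 ()\tStatus: Up
Host: 203.0.113.12 ()\tPorts: 8080/open/tcp//http-proxy///\tIgnored State: closed (999)
# Nmap done
"""

# Assumption: an organizational policy list of services that must never face the Internet.
HIGH_RISK_PORTS = {21, 23, 445, 1433, 3306, 3389, 5900}

# Matches the "Host: <addr> (<name>)<TAB>Ports: <list>" lines of grepable output.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Ports:\s+([^\t]*)")


def parse_grepable(text):
    """Return {host: {(port, proto, service), ...}} of open ports from nmap -oG text."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status: Up" lines carry no port data
        host, ports_field = m.groups()
        open_ports = hosts.setdefault(host, set())
        # Each entry is port/state/proto/owner/service/rpc/version/
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            if len(fields) < 5:
                continue
            port, state, proto, _owner, service = fields[:5]
            if state == "open":
                open_ports.add((int(port), proto, service))
    return hosts


def high_risk_exposures(hosts):
    """List (host, port, service) for every open port on the policy deny list."""
    return sorted(
        (host, port, service)
        for host, ports in hosts.items()
        for port, _proto, service in ports
        if port in HIGH_RISK_PORTS
    )


def diff_scans(baseline_text, current_text):
    """Compare two scans and return the changes an assessor should triage first."""
    old = parse_grepable(baseline_text)
    new = parse_grepable(current_text)
    findings = {
        "new_hosts": sorted(set(new) - set(old)),      # undocumented equipment
        "missing_hosts": sorted(set(old) - set(new)),  # decommissioned, or scan coverage gap?
        "newly_open": {},
        "newly_closed": {},
        "high_risk": high_risk_exposures(new),
    }
    for host in set(old) & set(new):
        opened = new[host] - old[host]
        closed = old[host] - new[host]
        if opened:
            findings["newly_open"][host] = sorted(opened)
        if closed:
            findings["newly_closed"][host] = sorted(closed)
    return findings


if __name__ == "__main__":
    for key, value in diff_scans(BASELINE_SCAN, CURRENT_SCAN).items():
        print(f"{key}: {value}")
```

Run against the constructed samples, the diff reports 203.0.113.12 as a new host, 203.0.113.11 as missing, RDP (3389) newly open on 203.0.113.10, and that same port as a high-risk exposure. A missing host deserves a question, not a shrug: it may have been decommissioned, or the scan may simply have lost coverage of it.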
You can't fix the flaws you can't see, which is why a security assessment should go beyond vulnerability scanning and include penetration testing. In a pen test, someone actually tries to get into your network, so you learn which of the vulnerabilities present can really be exploited. That gives you a much better picture of which network weaknesses to fix first. But it doesn't stop there.
A proper security assessment also tells you which sensitive data should be your priority to protect, with compliance requirements in mind. That applies at least to companies subject to such requirements, which, between HIPAA, PCI, NIST SP 800-171 and GDPR, means nearly every company in every industry.
If you're ready to gain an overall picture of your security posture, including which data may be particularly exposed, and to prioritize the risks that need your immediate attention, give us a call.
Every business is a data-driven business that runs on a network, so cybersecurity is not going away. The sooner you conduct at least one security assessment, the sooner you can see what needs to be done to bring security to every area of your business, and the sooner you can plan your incident response before a breach happens rather than after.
Photo courtesy of Igor Petrov