In part one of our series on Vulnerability Assessments and Penetration Testing, we discuss the common issues that typically lead to a finding during an assessment of a company's network or web application. In many cases, the resulting issues are exploitable and can leave valuable data exposed to attackers.
Data breaches are occurring at an all-time high, which has raised awareness of network security at the C-level and helped IT departments increase their budgets and move their needs toward the top of the corporate annual budget. The need for accessible, on-demand data for real-time decision making, together with an increased focus on business efficiency, means that vital or confidential data is now stored, accessed, and transferred electronically across corporate networks and the internet. Attempted breaches occur every day, both through automated bots and through targeted attacks, but without proper testing, how do you know whether your business, or one of your third-party service providers, is susceptible to attack?
The most basic, and sometimes overlooked, tasks can leave you and your organization at the highest risk of intrusion. So how can we fix that?
Properly Monitoring Network and Application Security
There are a number of common failures that a surprisingly high number of IT departments fall victim to, and which leave their organizations at risk of intrusion:
- Delays in patching security flaws of operating systems and software;
- Use of insecure access protocols (for example, Telnet, FTP, or unencrypted HTTP for administrative interfaces);
- Lapses in licensing for antivirus, IDS, IPS, and other vulnerability identification and prevention tools;
- Weak passwords for firewalls and other exposed services;
- A loose software management policy;
- Weak secure coding guidelines and QA review processes; and
- Lapses in IT Management’s adherence to security controls and protocols.
All of these issues are preventable by putting a proper security maintenance program in place and dedicating sufficient resources to its execution. A regularly scheduled external and/or internal vulnerability assessment validates that current security practices are actually operating and identifies new issues that may have been introduced by an upgrade or system change.
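The list above is a checklist, not a procedure, but two of its items (insecure access protocols and exposed services such as firewall and remote-administration interfaces) are exactly what a scheduled external scan should surface. The following is an added example, not code from the original article or from any scanning product: it takes grepable nmap output (the `-oG` format, which is an assumption about the scanner you use), parses the open ports, and flags services that carry credentials in cleartext or that expose remote administration to the network. The sample scan output and the two service lists are constructed for illustration and should be tuned to your environment.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample in nmap grepable (-oG) format; not real scan output.
# Field layout per port entry: port/state/protocol/owner/service/rpcinfo/version/
SAMPLE_GNMAP = """\
Host: 10.0.0.5 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/open/tcp//telnet///, 80/open/tcp//http///
Host: 10.0.0.9 ()\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///, 8443/open/tcp//https-alt///
Host: 10.0.0.12 ()\tPorts: 22/open/tcp//ssh///, 161/open/udp//snmp///, 25/filtered/tcp//smtp///
"""

# Services (by nmap's service-name column) that send credentials or session
# data without encryption. This list is an assumption for illustration.
CLEARTEXT = {"ftp", "telnet", "http", "pop3", "imap", "smtp", "snmp",
             "rsh", "rlogin", "vnc"}

# Remote-administration services that should not be reachable from an
# untrusted network without a VPN or allow-list. Also an assumption.
REMOTE_ADMIN = {"ssh", "ms-wbt-server", "ms-sql-s", "vnc"}

# port/state/proto//service/// (owner, rpcinfo and version are empty here)
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


def parse_gnmap(text: str) -> List[Dict[str, object]]:
    """Return one record per *open* port found in grepable nmap output."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        parts = line.split("Ports:", 1)
        if len(parts) < 2:
            continue  # host line without a port list (e.g. "Status: Up")
        for port, state, proto, service in PORT_RE.findall(parts[1]):
            if state != "open":
                continue  # filtered/closed ports are not exposures
            records.append({"host": host, "port": int(port),
                            "proto": proto, "service": service})
    return records


def find_insecure_exposures(records: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Flag cleartext protocols first, then exposed remote-admin services."""
    findings = []
    for rec in records:
        svc = rec["service"]
        if svc in CLEARTEXT:
            findings.append({**rec, "issue": "cleartext-protocol"})
        elif svc in REMOTE_ADMIN:
            findings.append({**rec, "issue": "remote-admin-exposed"})
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per issue type for a quick report line."""
    return dict(Counter(f["issue"] for f in findings))


if __name__ == "__main__":
    found = find_insecure_exposures(parse_gnmap(SAMPLE_GNMAP))
    for f in found:
        print(f"{f['host']}:{f['port']}/{f['proto']} {f['service']:<14} {f['issue']}")
    print(summarize(found))
```

Running the same check after every scheduled scan, and diffing the output against the previous run, is the cheapest way to catch a service that an upgrade or configuration change quietly re-exposed. Note that the classification is by nmap's service name only; a service on a non-standard port, or HTTPS that is actually misconfigured, still needs the version and TLS checks a full assessment performs.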
Part two of our series will focus on how regular Vulnerability Assessments and Penetration Testing can assist with maintaining compliance with regulatory frameworks.