“Enterprises that implement a vulnerability management process will experience 90% fewer successful attacks…”~ Gartner, Predictions for IT Security Directors
“We already have a firewall and intrusion detection systems“
That’s a good start. However, despite all the attention that firewalls, anti-virus applications and Intrusion Detection System (IDS) receive, security vulnerabilities still plague organizations. By having these tools, organizations often believe that their networks and applications are safe from security incidents. Unfortunately, this is not the case.
The operational environments within businesses are becoming increasingly complex, and more reliant on the use of sofware and data every day. Often little attention is paid to business processes, policies, or any sort of consistent review of security posture. Many systems are not designed to protect network and data from improper configuration, out of date software, or unexpected user intervention from a disgruntled employee. Most sophisticated attacks can bypass intrusion detection systems and penetrate networks, and externally executed code may not be noticed at all. The best defense is fully knowing the existing security status, and understanding the actions required to cover any gaps or deficiencies in your security posture.
“Our company isn’t a target for attacks”
Sure, you’re not Amazon, Apple, Facebook or Google. Recent history of largescale security incidents show not all attacks are targeted. Crypolocking viruses, Code Red, Wannacry, Bagel, etc. attacked systems at random, and operated using specific vulnerabilities. It is important to change thinking beyond “it probably won’t happen” to fully understanding the current situation, and fixing issues by evaluating the facts obtained.
The Technology and Risk Advisory group takes a wholistic approach to vulnerability management – including everything from organizational structure, data endpoints, operational policy, technology management, IT management policy, and existing security management to develop an actionable plan to make your company more secure, and better positioned to detect and act quickly when a security incident happens.
Technology and Risk Advisory Contacts:
CPA, CA, CITP, Information Technology
Audit and Accounting
Technology & Advisory Services
Recent Cyber Security Articles