Vulnerability Assessments – What are they and why do we need them?
A Vulnerability Assessment (VA) is a process which enables us to identify, define, classify and prioritise vulnerabilities in a business's virtual and physical IT systems, applications and network infrastructures. Put simply, an Intuity Vulnerability Assessment (VA) is an expert review of external and internal IT systems. This is usually carried out onsite by two of our qualified security professionals, resulting in an extensive report which will outline identified risks to the business, recommend mitigations and potential solutions, and advise on actionable outcomes.
The aim is to educate, increase awareness and reduce the risk of threat or attack for the business. We are ISO 27001 Certified and bring this comprehensive, risk assessment-based standard for Information Security Management Systems (ISMS) best practices to everything we do, both for ourselves and our clients.
Focus on the positive
We believe it is also important to recognize the areas of strength within a business, so an important part of the overall Intuity VA is the “Areas of Strength” section, which details those areas of IT security in which the team within the business is already performing well. This helps the team to see how what seems like a small thing can actually make a really big difference to the overall security, and therefore the performance, of the business. It also lets the team know they are on the right track and that they have the ability to improve their security status further.
So how does it work?
The Intuity VA team will take the business through various phases, beginning with information gathering, which allows us to get a true sense of the status quo within the business and the team in relation to IT security. This is followed by a series of in-depth audits, from a review of the physical infrastructure on site right through to analyzing the status of internal and external ports. All findings are then analyzed before a bespoke report is created for the business in question, outlining key findings, guidance and solutions.
The findings will range in risk level from low through medium and high to critical, and can cover everything from access and permissions to passwords and unpatched devices. The report will always present first the issues that have the biggest impact but are the easiest for the business to fix.
The Intuity Method
The team at Intuity have been carrying out these high-level assessments for businesses across myriad sectors for years now, and over this time we have developed a methodology which is industry best practice, through the constant introduction of updates and improvements directly responsive to the dynamic, dramatic and sometimes treacherous environment we work in. This methodology is a key differentiator for us in that we deliver more than just a VA or an SA (Security Assessment) at any given time. Our team aims to look beyond the immediate problem into problem-solving and crisis management for the future.
Regardless, there are always very common, easily fixed vulnerabilities that continue to reappear time after time. Here are some of the most frequently found vulnerabilities:
- Weak passwords: 3-character passwords can be cracked in four hundred nanoseconds.
- Unrestricted access to confidential data, for example office/admin staff having unrestricted access to financial, payroll or HR data.
- Systems not updated for over two years, as identified in our investigations. This leaves the entire system at significantly higher risk from common vulnerabilities and poses a greater risk of a data breach.
- Open ports on firewalls. Some ports need to be open for the business to run (e.g. port 80 for internet access), but open ports essentially provide an open door for potential intruders.
- Critical vulnerabilities in servers: servers have been scanned and shown to be vulnerable to NotPetya ransomware.
If this sounds like something which would help your business, we would be happy to talk to you. We can help you take a more multi-layered approach to your security by looking at your overall IT estate for vulnerabilities to best determine your cyber security posture. We will then:
- Identify any existing and potential vulnerabilities in your system
- Outline the potential impact these vulnerabilities pose to the business
- Prioritise for you the order in which these vulnerabilities should be addressed
- Provide you with a menu of short-term and long-term solutions which will help