If you have questions about cybersecurity, we have answers! Explore these commonly asked questions to learn more about threats, attacks, prevention, and management. You can also discover tools, like vulnerability assessments and penetration testing, that can help increase your company’s security posture.
Vulnerability management is the continuous, and often automated, process of finding, testing, analyzing, ranking, and tracking vulnerabilities and cyber threats. It can be performed as cloud SaaS or on-premises and includes several components such as vulnerability scanning, vulnerability assessment, cyber threat management, cyber risk management, and attack surface management.
Vulnerability management is a critical component of your cybersecurity program and is often required by companies to show compliance with policies such as PCI and HIPAA.
Vulnerability scanning is the process of scanning all assets to determine where security weaknesses and risks exist. Additionally, scanning provides the data that’s needed to assess the security posture of your devices and networks.
The automated software crawls through assets and applications, tests them for common problems, and compares the results against the list of known vulnerabilities to show your risks. When the scan is complete, a report is generated that shows each network vulnerability, the priority of fixing it, and steps for vulnerability remediation.
A vulnerability assessment uses vulnerability scanning to identify vulnerabilities and uses relevant data to assess the risks that the identified vulnerabilities pose to the organization. It is the process of identifying, classifying, quantifying, and prioritizing the vulnerabilities that exist within computers, applications, and networks. The assessment should encourage the organization to take action based upon the findings and remediate the identified vulnerabilities.
A vulnerability assessment looks at activity at a single point in time (which can span days or weeks). Therefore, assessments should be performed on a recurring basis to ensure strong vulnerability management (VM) is taking place at the organization.
The benefits of a thorough VM program include: Risk reduction and damage mitigation to organizations; Real-time security visibility across all assets; Availability of security program reports; Discovery of priorities for developer education to mitigate future vulnerabilities; Efficient use of personnel resources; Security protocol compliance; Speedy vulnerability remediation.
Risk-based vulnerability management takes vulnerability scanning one step further than regular vulnerability management. Risk-based vulnerability management uses agreed-upon criteria to sort, filter, and prioritize responses and remediation for the company’s IT team.
Essentially, it saves the IT team time and resources by finding the most at-risk vulnerabilities and putting them at the top of the remediation list, rather than applying every update right away or taking an ineffective approach to remediation.
The criteria used should be based on risk context related to the specific company, its industry, and currently known and predicted cyber threats.
Risk-based vulnerability management is a continuous, ongoing, dynamic process.
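The sort, filter, and prioritize step described above can be sketched in code. This is an added example, not a tool or method from the original page; the field names, weights, threshold, and sample findings are all constructed assumptions that a real program would replace with its own agreed-upon criteria.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    finding_id: str         # constructed placeholder IDs, not real CVEs
    asset: str
    cvss: float             # scanner-reported base severity, 0.0 to 10.0
    asset_criticality: int  # business value of the asset, 1 (low) to 5 (high)
    internet_facing: bool
    exploit_known: bool     # threat intelligence reports active exploitation

# Hypothetical agreed-upon criteria (assumed values for illustration only).
CRITERIA = {
    "criticality_weight": 0.2,         # each criticality step adds 20%
    "internet_facing_multiplier": 1.5,
    "exploit_known_multiplier": 2.0,
    "remediate_now_threshold": 10.0,
}

def risk_score(f, criteria=CRITERIA):
    """Scale raw severity by business and threat context."""
    score = f.cvss * (1 + criteria["criticality_weight"] * (f.asset_criticality - 1))
    if f.internet_facing:
        score *= criteria["internet_facing_multiplier"]
    if f.exploit_known:
        score *= criteria["exploit_known_multiplier"]
    return round(score, 2)

def prioritize(findings, criteria=CRITERIA):
    """Return (remediate_now, schedule_later), each sorted highest risk first."""
    ranked = sorted(findings, key=lambda f: risk_score(f, criteria), reverse=True)
    threshold = criteria["remediate_now_threshold"]
    now = [f for f in ranked if risk_score(f, criteria) >= threshold]
    later = [f for f in ranked if risk_score(f, criteria) < threshold]
    return now, later

# Constructed sample scan output.
SAMPLE_FINDINGS = [
    Finding("FINDING-A", "isolated-test-vm", 9.8, 1, False, False),
    Finding("FINDING-B", "customer-portal", 6.5, 5, True, True),
    Finding("FINDING-C", "hr-file-server", 7.5, 4, False, False),
    Finding("FINDING-D", "office-printer", 5.3, 1, False, False),
]

if __name__ == "__main__":
    now, later = prioritize(SAMPLE_FINDINGS)
    for label, group in (("remediate now", now), ("schedule later", later)):
        for f in group:
            print(f"{label:15} {f.finding_id} {f.asset:18} risk={risk_score(f)}")
```

With these sample criteria, the medium-severity finding on the exposed, business-critical portal ranks first, while the highest raw severity score lands in the later queue because its asset is isolated and low-value.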
Vulnerability scanning is the automated process of scanning all internal and external assets (on-premises, cloud-based, and/or hybrid) and providing information needed to assess the security posture of the devices connected to an organization’s networks.
A penetration test (“pen test”) is best described as ethical hacking and is part of a comprehensive VM program. It is different from vulnerability scanning in that a pen test is not automated but rather performed by a security professional to find and exploit a specific system vulnerability. It determines if a potential vulnerability could be exploited and lead to data compromise. The results of a pen test allow organizations to examine the costs of a potential breach and plan remediation.
We recommend that you have both penetration testing and vulnerability scanning as part of your cyber defense. While both are strong on their own, when brought together, penetration testing and vulnerability scanning reinforce each other and increase your cybersecurity score. A pen test can help ensure that the fixes you made to your vulnerabilities are working.
While vulnerability management includes a number of components and provides many benefits to an organization, it is not a sufficient security program on its own. Networks, devices, and applications are complex and threats are continually expanding, and just knowing your weaknesses won’t enhance your security posture. Organizations need to remediate their most at-risk vulnerabilities, while also having a comprehensive cyber risk management policy and program in place.
The best vulnerability management program should be easy to stand up and simple to use, and should: Identify vulnerabilities; Prioritize remediation tasks; Assess improvement; Verify remediation; Report on security posture.
Security posture refers to the current security status of an organization’s devices, information, networks, and systems. It looks at the resources, controls, processes, and capabilities in place and determines the readiness of an organization to detect, contain, respond to, and recover from a cybersecurity threat or attack.
Organizations can use their current cybersecurity score to make improvements to their policies, processes, and resources and increase their security posture.
Ways to enhance security posture include taking inventory of assets, performing ongoing risk management and prioritization, having vulnerability management in place, and following compliance regulations.
A Network Map takes network intelligence data that has been captured over time and overlays it onto a pictorial representation of your network. This representation allows organizations to view and interact with the relationships and interconnectivity of their assets while pinpointing at-risk network segments and areas of key vulnerability and active threat to then perform remediation.
The contextual view of how a vulnerability affects the surrounding network components provides the security team with a clear understanding of the vulnerability’s impact so they can prioritize remediations and enhance the organization’s cybersecurity score.
Cyberattacks occur every day and happen to everyone. You need a cybersecurity/cyber risk management program in place so that your data doesn’t fall into the wrong hands. Attacks happen about once every 39 seconds, are constantly changing, can have long-term effects on a company, and cost an average of $3.86 million.
Cyberattacks are more common than you probably realize. According to Forbes, there is a ransomware attack every 10 seconds, while a report from the University of Maryland found that a cyberattack occurs every 39 seconds. And cyber threats are growing: the FBI reported a 300% increase in reported cybercrime in recent years.
Yes, there are a number of software products and tools that you can use, including vulnerability scanning and assessments, penetration testing, firewalls, endpoint security management, gap analysis, and more. One of the best things you can do to help with threat management is to conduct cybersecurity awareness training for employees.
Continuous threat monitoring enables organizations to stay ahead of today’s growing threat landscape by constantly evolving and assessing risk. It allows for real-time monitoring so threats can be prevented and remediated as necessary.
Cyber threat management can be included in vulnerability management but covers more than just vulnerabilities. It coordinates the identification of and response to threats so that they can be neutralized efficiently. Cyber threat management differs from threat detection and response (TDR), as TDR focuses on identifying and remediating threats within an IT infrastructure only.
Cyber risk management assesses and manages an organization’s overall cybersecurity posture by identifying the risks, including vulnerabilities and threats, exploitability, and the impact of exploitation, that threaten an organization’s cybersecurity.
Attack surface management is the continuous discovery and security monitoring of any external digital assets that transmit and process sensitive data. It secures the many potential vulnerabilities outside of a firewall that attackers find while searching for vulnerable organizations.
Managed Service Providers (MSPs) support their clients in assessing and managing cyber risks while minimizing the exposure of clients and mitigating the attempts made by cybercriminals. MSPs deliver effective security services at scale to protect organizations across multiple attack vectors.
MSPs are a distribution channel for technology providers. They provide Service Level Agreements (SLAs) related to latency, availability, redundancy, support, and resource performance, and they provide skilled resources.
A vulnerability is a gap or known weakness in a company’s network security or application security that could be exploited. It’s the way attackers enter an organization’s network or system.
A threat is something that can exploit a vulnerability and what organizations are defending themselves against. Threats can be deliberate like a virus, or unintended, like lost credentials.
A cyber risk is the damage that could result from a threat exploiting a vulnerability. Risks include financial losses, data loss or corruption, damage to an organization’s reputation, and legal problems.
Common types of cyberattacks and threats include phishing, ransomware, malware, Distributed Denial of Service (DDoS), credential stuffing, password spraying, and mobile device attacks.
There isn’t one industry or group of people who are more at risk for a cyberattack than others. Big businesses are at risk thanks to larger networks and systems and more endpoints to attack. Businesses with financial, health or other data and information are also targets. Small businesses might think “Oh I’m too small, no one would try to hack me” and that’s the wrong attitude to take. Small businesses are perhaps more vulnerable to an attack because they may not have a dedicated IT team, or cybersecurity asset management, processes, or systems in place. Individuals are targets for hackers as well. Basically, if you have any presence online, you’re at risk and should make sure you have cybersecurity tools and protocols in place.
Attack vectors are the paths, methods, or situations that cybercriminals use to breach an organization’s network and access its system and data. Common attack vectors include: Compromised usernames and passwords; A malicious insider, such as an unhappy employee, who exposes company information and vulnerabilities; Poor data encryption; Misconfiguration/errors in system configurations; Ransomware; Phishing; Trust relationships, such as connecting two domains so that only one login is needed to access resources.
Malware, aka “malicious software”, is created to intentionally harm your network, system, computer, or website. Once the malware is deployed, it can access your data, spy on your activity, and disrupt your overall business operations. Viruses, spyware, worms, and Trojans are common forms of malware.
Ransomware involves malware. When a ransomware attack occurs, the attacker deploys malware, gets into your data, encrypts it, and then forces you to pay a ransom in order to get your data back. If you’re the victim of a ransomware attack, be careful! Just because you pay the ransom doesn’t mean you’ll get your information back. Attackers are known to take the ransom and run.
Phishing attacks can include malware and ransomware. There are a few different types of phishing attacks but the most common is email phishing. The email may look like it’s coming from someone you know or a company you trust and asks you to download an attachment or click a URL. That attachment is actually malware, and the URL is a fake website that has now collected your information and can hack your computer. Always check email addresses, URLs, and attachments before opening or clicking on anything, even if it looks legitimate.
When a vulnerability that no one is aware of is breached, it is referred to as a zero-day vulnerability, as no time elapses between the attack taking place and the vulnerability becoming public. If a hacker exploits the vulnerability before a patch can be released, the attack is known as a zero-day attack.
Social Engineering is the most powerful tool in a hacker’s arsenal and helps them gain access quickly, quietly, and easily into your network. Social engineering jeopardizes your entire cybersecurity system.
Social engineering uses human emotion and psychology to manipulate people into handing over sensitive information.
Social engineering tactics include the attacker obtaining background information on the victim, building trust and rapport with the victim (often by impersonating a real individual), obtaining the information needed to perform a cyberattack, and then carrying out the social engineering attack.
Information that the cyber hacker tries to gain access to includes bank account details, social security numbers, usernames and passwords, and other sensitive data.
A Social Engineering Attack occurs after the hacker obtains information from their targeted victim and gets into their network.
Types of social engineering attacks include baiting, scareware, pretexting, phishing, spear-phishing, watering hole, whaling, and quid pro quo.
Given the human emotion and psychology element of a social engineering attack, it is easy to fall victim to these tactics and attacks. But there are ways that organizations can defend themselves, including employee training and education, keeping devices locked and protected, using multi-factor authentication, and viewing email attachments with caution.
Cyber attackers use Remote Code Execution (RCE) to access and change a computer owned by someone else. The attacker does not need authority to access the computer and can access it no matter where the computer is geographically located. With Remote Code Execution, the attacker runs code (sometimes it’s malware) on the computer or server to then take it over.
The most well-known RCE attack is the WannaCry ransomware outbreak that occurred in 2017 and infected more than a quarter million machines across 150 countries. The effects of the attack have been long-lasting and WannaCry attacks are still occurring.
RCE is a type of software security vulnerability, and there are two common attack vectors that can lead to RCE: dynamic code execution (direct, indirect, and deserialization) and memory safety (including software design flaws).
Remote Code Execution attacks are complex and preventing them can be difficult but organizations have better odds of avoiding RCE attacks if they: Always keep operating systems and third-party software up-to-date; Use buffer overflow protection; Sanitize user input; Properly configure user authentication mechanisms; Use a firewall; Use Access Control Lists; Use proper threat/intrusion detection software; Have a response plan.
In the IT world, a backdoor is considered to be any method that allows someone to remotely access devices without the owner’s knowledge or permission and gain high-level user access. Cyber attackers can install a backdoor onto a device using malware, through software vulnerability exploitation, or by directly installing a backdoor in the hardware of the device.
Hackers use backdoors for a variety of reasons including: surveillance, data theft, cryptojacking, DDoS attacks, sabotage, and malware attacks.
Examples of common backdoors include: Trojans, Rootkits, Hardware, and Cryptographic.
Organizations can protect themselves from backdoors by: Changing default passwords; Enabling multi-factor authentication; Monitoring network activity; Only downloading and installing applications and plugins from reputable sources; Having a cybersecurity solution in place.