Cybersecurity remains high on the agenda for businesses navigating the unprecedented landscape of 2020. With cybercriminals phishing to take advantage of the pandemic, and the shift to remote working creating new opportunities for hackers, cyber-attacks are booming.
We’re going back to the basics of cybersecurity to shine some light on vulnerability scanning, and what makes it the foundation of your IT security solution.
Whether it’s in your network, infrastructure or web application, a vulnerability is a flaw in the code which has the potential to be exploited by a cybercriminal. Like leaving the back door unlocked, vulnerabilities in your systems present hackers with an opportunity to let themselves inside and take their pick of your most valuable possessions (whether that’s business-critical data, financial records or personally identifiable information).
Common vulnerabilities and exposures (CVEs) are known vulnerabilities that have been publicly disclosed, like the recent Windows Netlogon vulnerability for which a patch is already available. The more complex your system, the higher the likelihood of a vulnerability being present.
Threat actors scour the web searching for exploitable vulnerabilities, looking for opportunities to install malware or steal data. Vulnerabilities can be exploited in a range of ways, commonly via SQL injections, cross-site scripting (XSS) or remote code execution (RCE).
Not all vulnerabilities are equal – for some, the potential risk is more critical. The Common Vulnerability Scoring System (CVSS) is used to help determine the severity of known vulnerabilities and prioritise any required action. CVEs are graded on a scale of one to ten, where a score of nine or ten is regarded as a critical risk.
According to Edgescan, almost 68% of systems in 2019 had at least one CVE with a CVSS of four or more. For businesses that process payments or handle customer credit card data, this would be in breach of PCI DSS compliance.
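The scoring and prioritisation described above, as an added example that is not UKFast's or any scanner's code: it triages a constructed set of scan findings, maps each CVSS base score to its qualitative band (the full CVSS v3 bands, not only the article's "nine or ten" critical range), orders them for remediation, flags hosts that would fail the PCI DSS 4.0 cut-off, and works out the share of hosts with a CVE of 4.0 or more, the statistic the Edgescan figure is expressed in. The host names and CVE identifiers are placeholders.

```python
"""Triage constructed vulnerability-scan findings by CVSS score."""

# Constructed sample findings (host names and CVE ids are placeholders):
# host, whether it is reachable from the internet, CVE id and CVSS base score.
SAMPLE_FINDINGS = [
    {"host": "web-01",   "external": True,  "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "web-01",   "external": True,  "cve": "CVE-0000-0002", "cvss": 5.3},
    {"host": "db-01",    "external": False, "cve": "CVE-0000-0003", "cvss": 7.5},
    {"host": "hr-01",    "external": False, "cve": "CVE-0000-0004", "cvss": 3.1},
    {"host": "mail-01",  "external": True,  "cve": "CVE-0000-0005", "cvss": 4.0},
    {"host": "print-01", "external": False, "cve": "CVE-0000-0006", "cvss": 0.0},
]

PCI_FAIL_THRESHOLD = 4.0   # PCI DSS treats any finding scoring 4.0 or more as a failing scan


def severity(cvss):
    """Map a CVSS base score to the CVSS v3 qualitative rating."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def prioritise(findings):
    """Remediation order: highest score first, then externally reachable hosts
    ahead of internal ones, since those are exposed to attackers scanning from outside."""
    return sorted(findings, key=lambda f: (-f["cvss"], not f["external"], f["host"]))


def pci_failing_hosts(findings):
    """Hosts carrying at least one finding at or above the PCI DSS cut-off."""
    return sorted({f["host"] for f in findings if f["cvss"] >= PCI_FAIL_THRESHOLD})


def share_of_hosts_with_cve_at_least(findings, threshold):
    """Fraction of scanned hosts with at least one CVE scoring >= threshold."""
    hosts = {f["host"] for f in findings}
    affected = {f["host"] for f in findings if f["cvss"] >= threshold}
    return len(affected) / len(hosts) if hosts else 0.0


if __name__ == "__main__":
    for f in prioritise(SAMPLE_FINDINGS):
        print(f"{severity(f['cvss']):8} {f['cvss']:4} {f['host']:9} {f['cve']}")
    print("PCI DSS failing hosts:", pci_failing_hosts(SAMPLE_FINDINGS))
    print(f"Hosts with a CVE >= 4.0: {share_of_hosts_with_cve_at_least(SAMPLE_FINDINGS, 4.0):.0%}")
```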
Carrying out regular vulnerability scans involves an automated audit of your network and devices, searching for weaknesses in the perimeter, misconfigured systems or other flaws that could be exploited. Both internal and externally facing systems have the potential to house vulnerabilities. For this reason, different types of vulnerability scans exist:
Vulnerability scanning is often used as part of a two-step process along with penetration testing, during which ethical hackers try to break in using the flaws found in the vulnerability scan to help you figure out how to fix them.
Carrying out effective vulnerability scans is an essential step in your business’s security plan. To ensure the process is as effective as possible you first need good network visibility, as it’s impossible to secure endpoints of which you’re unaware. Keeping your whole system patched and updated, and carrying out regular scans, will reduce the risk of falling victim to the hackers.
Ready to step up your security? Threat Vision from UKFast provides robust security solutions with unlimited vulnerability scans included and expert remediation advice on hand 24/7.