AUGUST 2020 | 8 | CIOReview

IN MY OPINION

Find Your Own Vulnerabilities - Before Attackers Do

Networks today are continually evolving landscapes where systems, applications, and the other "things" of IoT can be connected in an instant. While each of these can help an organization realize any number of its business goals, each can include vulnerabilities that provide attackers with a pathway through which to gain access to a company's systems and data. Often, to help find these vulnerabilities and understand the potential associated impact, organizations engage outside parties to perform costly vulnerability assessments and penetration tests. While bringing in outside parties to perform these types of security testing does have its place, such as in supporting compliance efforts or obtaining an outside measurement of an organization's overall security posture, businesses often do not put enough effort into finding and remediating their own vulnerabilities across authorized and unauthorized systems within their own environment.

Attackers Will Eventually Get On Your Network - Limit and Detect Them!

If one of your team members were to fall for a phishing attack and provide an external attacker with access to the internal network, how easily would the attacker be able to find other vulnerabilities to spread their control throughout the environment?

Whether a malicious attacker from the outside or a well-intentioned internal employee circumventing security controls, there is someone on your network at this moment doing something they shouldn't, which presents a real threat to the organization. Vulnerabilities can be exploited in order to gain initial access to the environment and then to spread control to other aspects of the enterprise. By proactively finding and addressing vulnerabilities before an attacker can find and exploit them, organizations limit the ability of hackers to gain access to other systems. At the same time, delaying an attacker's success provides security teams with the time needed to detect the attackers, remove them from the network before any further damage can be done, and prevent the same issue from re-occurring in the future.

Master the Basics of Vulnerability Management - Proactively Perform a Self-Assessment

Even if an organization only performs one task in addressing cyber security risk, it should be to put into practice the basics of vulnerability management, which are outlined in the National Institute of Standards and

UNDERSTANDING NETWORK SECURITY

By Mike Holcomb, Director of Information Security, Fluor Corporation [NYSE: FLR]