According to Wikipedia, a vulnerability assessment “is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.” With regards to IT Management and Cybersecurity, a vulnerability assessment may include: Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, Penetration Testing. In our COVID-19 reality, a vulnerability assessment of remote systems that include cloud services and VPN are also important.
Richard Hughes, head of Technical Cyber Security Division at A&O Cybersecurity, told Infosecurity Magazine, “Companies may feel that they should postpone vulnerability assessments or penetration tests while systems are perhaps in a more fluid state than usual, but this would be ill-advised. The need for security assessments is perhaps greater during this time of potential instability.” Indeed, many organizations were put in a position where the switch to an all-remote workforce came so quickly. In the rush to “get it done” security may not have been a top of mind priority. Testing systems to ensure you “got it right” is not a bad idea. The hope is to find and remediate any vulnerabilities before a hacker can exploit it.
In addition, times of instability are perfect for bad actors to take advantage. There has been a rise in phishing emails with the subject of COVID-19 or coronavirus. There is plenty of malware out there related to coronavirus, whether they be in malicious apps or websites. The other question that needs to be asked, is, are the vulnerabilities in emails on devices remote workers might be using at home? Are your staff the vulnerability, or are they aware of the rise in phishing emails?
After the COVID-19 pandemic, there is a very real possibility that the remote worker may become the new normal. Now is a great time for a remote vulnerability assessment. While it may seem to be just another expense, there are cost effective ways to manage this that don’t break the bank. In fact, sometimes there are cost savings by introducing a risk-based approach to vulnerability remediation. Once you have identified what systems are the most mission-critical and you have identified the vulnerability, your organization can take the steps to protect the most important assets and processes for the business.
If you need help with a vulnerability assessment, contact Uzado. We’re here to help during these challenging times.