It seems that the more sophisticated we get with the security interventions we employ to keep criminals off our properties and out of our homes, the more sophisticated criminals get in their methods.
And the cyber criminal is no different.
That’s why companies must regularly assess their IT security to ensure that they understand their security profile and know exactly how and where they are vulnerable and fix it before cyber criminals discover and exploit the loophole.
“Information systems are constantly evolving – as are the growing number of threats which come with having an internet presence," says Dries Morris, managing director of Securicom. "These changes result in new vulnerabilities that could lead to a compromise of a company’s critical systems and put vital information at risk.
“As such, companies should have an accurate view of their security environment to ensure that they are informed of, and prepared for, any new threats and vulnerabilities. To achieve this, companies must perform regular assessments of their IT infrastructure to identify and resolve vulnerabilities.
“Specialised vulnerability scanning software can interrogate IT systems and test for gaps and vulnerabilities in the security environment, enabling companies to be proactive in initiating defences against attacks on their networks.
“It’s like looking at the network through the eyes of a hacker to see where gaps and loopholes could be used to compromise it. Only once you know where the weaknesses are can you begin to close the ‘holes’,” he adds.
Morris says that all organisations must make vulnerability scanning a priority – but, specifically those that have an internet presence, such as ecommerce sites and companies that provide access remotely into the organisation to users or partners or even organisations. In fact, even companies that have a website available on the internet should ensure that routine scans of their security environment are carried out.
He points out that vulnerability scanning should preferably be performed by a specialist third party organisation that has no vested interest or involvement in the organisation.
“The reason for this is that you will get an impartial report on your infrastructure. It also means that companies have access to a specialist skill for a fraction of the price of employing people with this knowledge in-house, especially since this is a function that is not typically performed on a daily basis.
“Another benefit of outsourcing is that there is no capital outlay for the purchase of hardware and software in order to commission the service,” he explains.
According to Morris, Securicom provides a fully-managed vulnerability management solution, SecuriScan, which is deployed within one of South Africa’s biggest ISP’s datacentres.