Today, not a week passes without news of passwords being leaked, social media accounts being compromised, servers being hacked into, and the like. For businesses, DATA is THE most precious possession to be safeguarded. Cybersecurity and cybercrime are the cop and thief of the cyberworld, constantly vying to overtake each other.
SWOT analysis is a common management technique that companies use periodically for self-assessment and for benchmarking against competitors and peers. In the realm of information systems, a similar but slightly different SWOT analysis should be done. Every company should know how good its defenses are (strengths), how bad they are (weaknesses), what the access points for hackers are (opportunities for adversaries), and what the dangers are (threats). All hardware (switches, routers, servers, desktops, laptops, etc.) and software (operating systems, applications, utilities, etc.) should be thoroughly scanned to detect possible vulnerabilities that hackers can exploit.
Data can be compromised (which is hard to know), modified (the chances of finding this are small), or deleted (which becomes known only when the record is searched for). Nations are enacting laws like GDPR (European Union), CCPA (USA), PDPA (Singapore), APPI (Japan), etc. to ensure data privacy and protection, and organizations must comply with these.
The arsenal of weapons that cybercriminals use is ever-increasing, becoming more complex and harder to unravel: DoS, DDoS, phishing, spoofing, defacing, spamming, identity theft, botnets, ransomware, zero-day exploits, cyberstalking, cyberjacking, cryptomining, government-sponsored attacks, and the list goes on. So does the list of CVEs (Common Vulnerabilities and Exposures, each of which has been assigned a globally unique number). While nuclear war may cause the death of most humans, cyberwar will paralyse the lives of most humans without the firing of a single bullet.
With information systems proliferating across homes, offices, and society, hackers can hold any of these hostage by cyberjacking. With the rapid adoption of cloud computing, data is stored either only in the cloud or both in the cloud and on premises. A compromise on the cloud side will cause big damage not only to one organization but possibly to many others.
Vulnerabilities can arise from weak authorization, outdated patches, misconfigurations, poor or no encryption, zero-day vulnerabilities, malicious insiders, social engineering, software bugs, insecure connectivity, buffer overflow, default passwords, unused accounts and the list goes on.
Vulnerability assessment shows “where” the vulnerabilities are, while penetration testing shows how “big” the damage or disruption would be if those vulnerabilities were exploited. As the proven adage says, ‘Prevention is better than cure’, so it is best to assess the vulnerabilities and prepare an incident or remedial action plan.
IBM’s landmark eleventh annual Cybersecurity Report, published in 2021, showed that the cost of a data breach increased by about 10% from US $3.86 million in 2020 to $4.24 million in 2021. Also, for the eleventh consecutive year, healthcare had the highest cost, at about US $7.13 million. The most commonly lost data was customers' personally identifiable information.
An attacker requires a motive to exploit a weakness. The possible loss is the product of the probability that he/she will be successful, and the size of the damage (sometimes unquantifiable) that may be inflicted. One cannot eradicate thieves. One can only fortify the prized asset by increasing the layers to cross and penetrate.
No cybersecurity plan is complete and useful without periodic assessments and testing to identify new vulnerabilities, to assess the potential damage they may cause if left unaddressed and to know the preparedness of the company. It is like a ‘mock fire-drill’. So, vulnerability assessment and penetration testing must be done together and periodically.
Inspace is a technology consulting company that specializes in VA-PT audit. With an expert team of about 300 distributed across India, the US and the UK, 12 years of experience, over 1000 satisfied customers (most of them repeat customers), and many awards, the company is well poised to assess IT systems, identify their vulnerabilities, advise on them, and remediate them. Penetration testing will be done to demonstrate, covertly and overtly, how hackers can infiltrate and inflict damage, and how to track their ‘digital footprints’. The company will deliver a detailed report of the vulnerabilities, rating them on the probability of exploitation and the size of the damage and disruption they may cause, along with the remedial actions to be taken, ranked by need and priority. The incident plan will outline how to predict, prepare for, and prevent attacks and, if they do occur, how to respond and recover with the least downtime and the smallest damage. Inspace is a company with niche expertise and a proven record of success and satisfied customers.