You know your body. You know how you feel when a cold is coming on (maybe you're the type who always gets a sore throat first), and can decide which symptoms are a big deal and which don't require a doctor's advice. And if you're not always completely confident in your own health assessments? Well, that's what checkups are for — keeping you on the right track and ensuring your doctor can alert you to anything you might have missed.
Vulnerability tests are just like checkups for your network. During a vulnerability test, the team testing your network seeks out major issues and identifies opportunities for improvement in how your network is protected or is performing. Let's further consider the analogy, and find out how these checkups could positively benefit your organization's health.
Vulnerability Testing and Your Business
When your organization hires a team to complete a vulnerability test, that team is looking for security and resource issues. A common performance issue might include an outdated server not running properly, in which case a vulnerability tester can provide recommendations for an upgrade, much like a doctor might suggest a changed diet if you were experiencing fatigue or soreness.
Also like a checkup, vulnerability tests exist as a snapshot in time. They're not something you want to do just once; instead, you'll want to schedule these tests twice yearly to get a picture of your network's vitals over time, explains Jennifer Allen, manager of Twinstate's Red Team. But, again like a checkup, simply taking that step to book the appointment can be a bit frightening.
"Procrastinating on getting a VA (vulnerability assessment) because of fear is common," Allen says. "There's a definite trend among people who haven't had the time, especially because (companies) tend to pressure IT folks into providing security they aren't trained to provide. Or they might not have the time to provide it because security and IT are two different jobs."
That fear is both common and legitimate, because finding out you have network issues can cause a sense of failure. But remember that your job isn't to secure everything, even if it is your job to make decisions that enhance security, like hiring a third-party VA team. Plus, as Allen puts it, you can't expect a racecar driver to also be a mechanic.
In addition, "You should be asking for an objective third-party view because you might be too familiar with your own network. Testers know the threat landscape and are going to translate everything into IT terms and create a project plan you can work to," Allen says.
Even though a vulnerability test results in a report card of sorts, it's not a report card full of "F"s, she emphasizes. "It's a report card of what you should be doing. Every time we (testers) find something, it's good for both parties. Even by just having the assessment done, you're getting an excellent grade."
Vulnerability tests should produce a digestible report you can act on immediately.
And in that way, too, a vulnerability test is like a checkup. The worst thing you can do is not get one — that's failing. That's when diseases sneak up. You might suffer lost productivity, harm to your reputation, or even loss of your business due to outages. In fact, a 2012 report by the National Cybersecurity Alliance revealed that 60% of small businesses go under within six months of a breach.
"It's a serious health concern. The smaller your business the more you really want to be sure you’re maintaining good health because you could go under fast," Allen says.
So there you have it. A vulnerability test is really just like a network checkup, and scheduling regular tests is the first step to better network maintenance. Ready to start?
Originally published on 09/20/2016
Topic: Vulnerability, Data Loss Prevention, Firewalls & Network Security