Vulnerability Scanning

Published by Joe D on

What is vulnerability scanning?

Vulnerability scanning is the process of examining external and internal attack surfaces to identify weaknesses that can be exploited by malicious actors who attempt to infiltrate an organization’s systems, data, network, infrastructure, web page, or application.

What is meant by “weaknesses”?

Given the complexities of information technology in 2024, this is a broad term. However, as technology has evolved, so have vulnerability scanning capabilities. Listed below are some of the top security vulnerabilities that scanners identify. Bear in mind that this list covers only a handful of the possible vulnerabilities, but it gives an idea of the range of attack vectors:

  1. Poor Authentication – We are accustomed to using our IDs and passwords to log into applications and web applications. However, there are many “back-end” automated processes that use credentials to authenticate. Often, these credentials are not adequately set up and protected.
  2. Misconfiguration – Given all the components of an information technology infrastructure and their respective complexities, the probability of an incorrect security setting increases. Despite best efforts, details are often overlooked.
  3. Encryption and Cryptography – Over the years, encryption, like the technology it protects, has evolved. Malicious actors, along with automated tools, have learned how to break weak encryption algorithms.
  4. Outdated Assets – It is evident that technology becomes obsolete quickly. The expense of upgrading to keep pace with this obsolescence is difficult to absorb. Added to this is the fact that many technology developers have elected to no longer support older versions of their products. Malicious actors know this and take every opportunity to exploit this weakness.

What is the first step?

Utilities and resources are available to help you. Engage and challenge your information technology professionals and partners to “dig deep,” and be prepared to direct investments to protect information assets.

Why worry?

Big or small, you are a target. “Micro Cyber Attacks,” or attacks on smaller organizations, were once considered less probable. However, “Economy Hackers” exist and will look to exploit vulnerabilities to hijack systems and data in an effort to monetize them.
