The Common Vulnerabilities and Exposures (CVE) database, operated by MITRE Corporation, identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities. This database lists more than 11,000 exploitable CVEs in commonly used systems, over 30% of which remain unpatched.
For businesses, these numbers mean that there is a good chance that one or more of their systems have unpatched vulnerabilities. This situation puts them at risk of a cyber-attack. By exploiting these known weaknesses, cyber threat actors can exfiltrate company financial data or customer information. They could lock up a company’s systems and hold them for ransom using any number of ransomware tools available on the dark web.
A cybersecurity threat assessment will examine hardware and software on a business’s networks and identify any known vulnerabilities or configurations that fall short of cybersecurity best practices. Below, Jason Kulpa, founder and former CEO of UE.co, shares five practical reasons companies should engage a security consultancy to conduct a threat assessment. If the company has specially trained cybersecurity professionals on staff, they can perform a threat assessment in-house.
- Protect customer data, including PII – Everything you know about your customers or clients is valuable and can be sold on the dark web. Even if the data is no more than a name, email address, physical address, and phone number, it is valuable to a hacker. Personally Identifiable Information (PII) is protected by law in many states and countries. Exposing PII can carry considerable financial risk.
- Protect sensitive company information, including IP – All of your company’s financial records, bank account information, and private records are on your computer systems and are accessible from the internet. If your company generates or owns Intellectual Property (IP), losses from a data breach can be debilitating.
- Avoid having to choose between paying a ransom and losing all your data – If ransomware makes it onto your systems via a phishing attack or some other method, you will find yourself in the unenviable position of needing to decide whether to pay a huge ransom or lose your data. Even if you meet the attacker’s demands, there is no guarantee you will ever regain access to your data.
- Meet industry compliance requirements – Depending on the industry your business operates in, there may be strict government compliance requirements. To stay in compliance, you must protect sensitive data and report any unauthorized disclosure.
- Asset discovery – As the number of computers and electronic devices explodes across our personal and work lives, it can be challenging to identify what systems are in place throughout your business. There are assets such as company-owned servers, desktops, and laptops, and employee-owned devices that are allowed to connect to your networks and access your data. These must all be accounted for before you can protect them or the data they access.
A cybersecurity threat assessment will help you identify any known vulnerabilities so you can patch them if a patch is available. An assessment is a vital part of your overall risk management strategy.
About Jason Kulpa
Jason Kulpa is a serial entrepreneur and the Founder and CEO of UE.co, San Diego’s Fastest Growing Business multi-year award winner, and a Certified Great Place to Work multi-year winner. Mr. Kulpa is a two-time winner of the San Diego Business Journal’s Most Admired CEO Award and a semi-finalist for the Ernst and Young Entrepreneur award. Under Mr. Kulpa’s leadership, in 2018, his teams volunteered at over 24 events and worked side-by-side to improve the San Diego community. They hosted a gala dinner benefiting individuals with autism, cheered on Special Olympic athletes as they broke their records on the track, and brought school supplies and cold-weather gear to students impacted by homelessness. Jason’s mission is to bring awareness, support, and inclusion for special needs causes.