PwC has released its findings from The Global State of Information Security Survey 2018. Here are some key findings:
- 29% of companies surveyed report a loss or damage of internal records due to a security incident
- 67% of respondents have an IoT security strategy in place or are currently implementing one
- 30% of those surveyed say that current employees—including suppliers, consultants, and contractors—are the source of security incidents
These statistics aren’t necessarily shocking, but they do speak to the need for a security assessment.
A network security assessment will help you determine the steps you need to take to prepare yourself, your organization, and your network for the threats of today and tomorrow. Here are a few ideas to get you started:
- Assess the vulnerabilities of networks, applications, other IT resources. Document and analyze your entire IT infrastructure to find the weaknesses and potential issues.
- Conduct comprehensive scanning of ports, vectors, protocols.Conduct a comprehensive scan of all ports on your network to identify the IT equivalent of open windows and unlocked doors. The most common malicious network scans search for vulnerabilities in a standard range of 300 ports on a network where the most common vulnerabilities are found. However, you may have over 60,000 ports on your network that can be suspect.
- Understand how your network interacts with outside parties. Try to access your network as an outside party might. See what your network requests in terms of information and how easily it can be satisfied.
- Probe your internal network weaknesses. Assess interaction with internal networks. Unfortunately, you can’t assume that all threats will originate outside your network. Internal people can pose a threat too.
- Review wireless nets, including Wi-Fi, Bluetooth, RFID, rogue devices. Wireless nets, rogue devices, and removable media all present vulnerabilities. If a hacker leaves a USB flash drive containing malicious code in your lobby, someone will likely pick it up and pop it into a system on the network to see what’s on it. That’s all it takes to compromise your network.
- Assess and educate employees about social engineering attacks. This includes policies around behavior such as using social media or picking up flash drives left lying around.
Hackers make it their job to breach your computer network security, and you want to make it as difficult as possible for them. Remember, hackers don’t play by the rules. Make 2018 a safe, secure, and profitable year!