Everything to know about Conducting Cybersecurity Assessments
Cyber assessments are all about being proactive. Instead of reacting to threats in real-time, assessments focus on strengthening your defences in anticipation of an attack. Implementing regular cyber security assessment practices helps businesses maintain a healthier, more secure cyber landscape that is less prone to attack.
The fact is that vulnerabilities will always exist. Businesses should use assessments to help them evaluate their current cyber security practices, determine where things aren’t working, and figure out ways to keep improving.
How to assess cyber vulnerability
A vulnerability assessment is a method of looking for exploitable weaknesses in your system and prioritising them based on their potential risk. It can be used to help evaluate the performance of your cyber security and to inform actionable steps to strengthen your landscape.
Types of vulnerability scan
Some of the most common vulnerability assessments include:
- Network scans
- Host-based scans
- Wireless-based scans
- Application-based scans
Each have different focus areas, from specific applications and devices to wider networks. Nevertheless, they all have the same aim – to help organisations search for and fix weaknesses that could be hacked. Running these scans helps businesses mitigate potential attacks before they occur.
How do they work?
These scans will run autonomously, analysing the entirety of the cyber environment it’s designed for. It will search for specific security issues, while also considering their associated risks, and produce a thorough report with actionable insights.
How to complete vulnerability assessments
Every vulnerability assessment will follow a similar format:
This is stage one. You can start finding or fixing vulnerabilities until you know what you’re looking for and where you’re looking.
Take time to thoroughly list every device in your business – if something is passed over you could end up missing critical weaknesses.
This stage focuses on prioritisation. There will be millions of vulnerabilities within a business and new ones will arise every day. It’s just not possible to fix them all. In this phase you should measure each asset by likelihood of a successful attack and the impact of said attack. Keep this for later and use it to prioritise which assets need fixed first.
Let the tool take over. Based on the intelligence you’ve provided, your tools can run scans autonomously. The result will be a system baseline. This is an overview of the scan results which outlines your most severe vulnerabilities and any active risks.
Often an organisation will want to produce their own report aligned with actions that should be taken. These can contain additional details on top of the scan results, from date of discovery and vulnerability details, to what maintenance is needed accordingly.
Key steps for success in any vulnerability assessment:
- Identify Risk: List all IT assets and determine their potential risk.
- Plan: Establish a plan of action with an assessor.
- Choose a scan: Pick the scan that meets your requirements.
- Program: Define the parameters, targets and scope for your scan.
- Run: The scan will find and analyse targets.
- Evaluate: Prioritise actions based on results.
- Implement: Determine the best mitigation strategies for risks.
What can RiverSafe do?
Bringing on a cyber security consultant can really help with the initial assessment and analysis phases. RiverSafe can provide support throughout the entire process, from running risk workshops to list asset infrastructures, to helping you choose the best tool for your needs, all the way to helping you implement the right security solutions for your threats.
Getting to Grips with Risk Management
What is risk assessment and why is it important?
A risk assessment is performed to identify, analyse and prioritise key risks or threats in a system or process. Simply, it helps businesses introduce effective risk management into a certain area.
With cyber security, it is used to assess your internal and external defences so you can proactively improve your counter-threat measures and decrease the impact of cyber attacks.
How do you conduct cyber security risk management?
There are four primary risk management approaches in cyber security:
- Identifying risks
- Assessing risks
- Creating a mitigation strategy
- Future proofing
Using a combination of these processes will help you create a strong cyber security strategy and defend your systems.
Cloud Risk Assessment
Cloud risk assessments only differ from other risk management processes in that they require a cloud specialist. This is the only way your assessment can be successful, so it’s important to use a cyber security provider that offers this service.
Cyber Risk Assessment
What is also commonly used to boost risk management in cyber security is a cyber risk assessment matrix. Using a matrix you can effectively analyse your risks, and group them according to their probability and likely severity. This allows you to build your understanding of the cyber threat landscape and appropriately prioritise your resources.
Arrange a consultation with one of RiverSafe’s experts to see how our risk management services can help you.
What is penetration testing?
What is pen testing and what is it for?
A penetration test, also known as ethical hacking, tests cyber platforms for weaknesses. Essentially, the tester tries to break in through potential vulnerabilities as a real hacker would. This helps identify security gaps, and areas where security systems needed mended or strengthened.
The aim of pen testing is to conduct a comprehensive assessment of your cyber security framework. This helps companies be proactive with their cyber security, giving them the opportunity to find and fix any high-risk areas before they are exploited.
What are some common techniques?
There are various ways to conduct a pen test. Each has a slightly different objective, focuses on different areas, and will generate different results.
Here are the most common methods:
- Network service tests: Evaluates the user network internally and externally.
- Client-side tests: Identifies and assesses local threats on user software.
- Web application tests: Examines web apps and other end points.
- Social engineering tests: Testing employees for third-party breaches.
- Wireless security tests: Analyses breaches or weaknesses in wireless devices and networks.
What are the benefits of penetration testing?
- Identifies system weaknesses
- Helps you proactively improve/fix your threat defence
- Accurately measures your threat risk
- Provides real-world insight of how hackers attack
- The results help improve your cyber security strategy
- Ensures you meet compliance standards
- Reduces your likelihood of attacks
Platform Managed Assessments
Why do organisations need platform managed assessments?
Often, the root of many vulnerabilities and technical issues are higher level management practices. These issues can have long-reaching impacts on business performance and so it’s important for businesses to reassess how their practices affect their security.
Overall, a platform management assessment helps connect your business processes with cyber processes for the benefit of reducing vulnerabilities and strengthening cyber security.
The assessment process
RiverSafe work closely with organisations to gain insight into the technical and operational aspects of their security solutions, such as SIEM, SOAR, or UEBA. We take a consistent approach to make sure we’re hitting all the key targets every time.
In this stage, we compare your processes to a best practice template. This helps us identify anything that’s incomplete, assess the frequency of processes, and evaluate the effectiveness of processes. This is all considered alongside resource concerns such as cost and time.
The results of our gap analysis are compared against current outcomes. This helps us determine exactly where the issue is coming from within an entire process. From here, we can make specific and actionable recommendations about how to rectify these issues and drive improvement.
See our detailed Platform Management Assessment brochure here
Practical steps to Improve your Assessment Practices
Shift left involves moving your cyber security processes closer to software development. It really means considering cyber security while writing and developing an application rather than checking for it after implementation.
A huge part of this approach is vulnerability assessment.
How shift left utilises vulnerability assessments
Pen-testers follow a checklist and guidelines when identifying security issues – this means new vulnerabilities often get left unnoticed until it’s too late. What’s really needed is a continuous, automated process sitting in your CI/CD pipeline to help identify more vulnerabilities.
Scanning tools can be implemented at the coding stage, allowing organisations to identify and fix insecure code before it ever becomes ‘live’. This greatly reduces the amount of weaknesses an organisation will experience in their solutions in the first place.
Example of ‘shift left’ assessment tools:
- Credential scanning tools – TruffleHog
- Statis analysis tools – SonarQube, CheckMarx
- Open-source library analysis – OWASP, CheckMarx OSA, BlackDuck
- Container scanning tools – Claire, TwistLock, Anchore, Quay.io
- Infrastructure configuration analysis – Redlock, Tenable.io
Keeping up to date with the latest cyber threats and changes in the cyber landscape can help you understand what to look for in your assessments. COVID-19 is a prime example where societal changes have altered what businesses need to prioritise and look for when evaluating their cyber landscape.
In March 2020 alone, 2,000 online Coronavirus scams were reported and taken down by National Cyber Security Centre (NCSE), and 18 millions hoax emails were identified per day by Google.
With people working from home, it’s also important to educate your organisation’s users on how to conduct their own assessments and keep their devices safe.
Some rising threats organisations and individuals should be aware of:
- Phishing and spear phishing
- Social engineering
- Malware and ransomware scams
- Scams targeting remote workers
- Insecure personal devices
- Unsecured WI-FI networks
Get in touch with a consultant at RiverSafe to find out more about cyber security assessment and how we can help