
Shannon Mayberry, Director of Information Security, Locknet Managed IT

What It Is and Why You Need It

Businesses and organizations of all sizes and across all industries face steadily increasing security risks. Vulnerability scanning is one of those things you probably should have started yesterday. But it’s never too late to learn more about vulnerability scanning and incorporate it into your cybersecurity plan.

What is a vulnerability?

A vulnerability is a weakness in your security that a bad actor can exploit to gain unauthorized access or perform an unauthorized action on a computer, website, or network. Vulnerabilities create opportunities for attack, such as installing malware, running arbitrary code, or reaching sensitive data.

What is vulnerability scanning?

A thorough analysis of your network’s security requires a vulnerability scan. A vulnerability scan is an automated vulnerability management process run against a computer or network system to find potential points of exploitation. These automated security tools check for known CVEs (Common Vulnerabilities and Exposures), weaknesses, misconfigurations, and flaws in an organization’s networks, systems, devices, and applications. Once the vulnerability assessment is complete, a detailed report shows the degree of risk each vulnerability poses and how to mitigate it.

Different areas of an IT environment are typically scanned to provide a complete risk assessment.

  • External vulnerability scans. Conducted from outside the organization’s network perimeter, external vulnerability scans target external IP addresses. This type of scan checks a network’s firewall and other perimeter defenses.
  • Internal vulnerability scans. Testing every device on a network, these scans help identify vulnerabilities that leave a business at risk once a hacker or malware makes it inside.
  • Environmental scans. These scans are tailored to the environment in which the business’s technology operates, such as the cloud.

Vulnerability scanning vs. penetration testing

While you may have heard both terms when discussing your network security, a vulnerability scan is not the same as a penetration test. A penetration test, or pen test, is an active, manual attempt to gain access to a system through an already known vulnerability or misconfiguration. Vulnerability scanning focuses on prevention, not penetration. A vulnerability scan is typically run more frequently than a penetration test, but the two work together, and both are requirements of a comprehensive cybersecurity plan.

Why is vulnerability scanning so important?

There are many reasons vulnerability scanning should be part of your cybersecurity plan.

  • Mitigate risk. By detecting unpatched software, broken authentication, security misconfigurations, and other security risks, you may be saving your organization from a costly data breach or malware attack.
  • Industry compliance. Many industries have regulatory requirements to have internal and external vulnerability assessments performed on a regular basis. Organizations subject to HIPAA or SOX, along with banks and credit unions, require vulnerability assessments. Your business’s cybersecurity insurance, regardless of industry, may also require them.
  • One step ahead. Cyber criminals also have access to vulnerability scanning tools, so it is vital to carry out scans and take action before the hackers do.

Incorporate an ongoing vulnerability management program into your cybersecurity plan.

An ongoing vulnerability management program is an essential component of your commitment to proactively identify vulnerabilities and security risks for your business. Through a regular regimen of vulnerability scanning, you can continually identify, prioritize, and address vulnerabilities that could otherwise put your network security at risk. By mitigating those risks systematically, your organization has the insight it needs to remediate, maintain regulatory compliance, and keep a strong cybersecurity posture. Contact the team at Locknet Managed IT to get started.

Kris Kilgard, Division President of Locknet Managed IT.

What are brute-force attacks?

The name “brute force” comes from attackers using excessively forceful attempts to gain access to user accounts. Despite being an older cyberattack method, brute-force attacks remain a popular tactic with hackers.

In its simplest form, a brute-force attack uses trial and error to combine different variations of symbols or words until the correct password is guessed. While this isn’t the most efficient type of attack for hackers, it can still work for them to gain access. Don’t think about it as one person poking on a keyboard to come up with new password combinations. Instead, with specialized software, hackers can automatically attempt millions of passwords per second.

Once a hacker forces their way in, they will use their access to exploit digital advertising, steal data, hold data ransom, spread malware, or hijack systems.

Types of brute-force attacks

  • Knowledge Based – This is also called a simple brute-force attack. An attacker will guess a user’s password by entering a combination of values using known information about the targeted user. This is done without additional software and can be done with information about the targeted user found online or from a social engineering attack. These attacks are “simple” because many people still use weak passwords, such as “password 1234” or have poor password practices, such as using the same password for multiple websites.
  • Dictionary – This is a basic form of brute-force hacking in which the attacker selects a target, then tests possible passwords against that individual’s username. It’s called a “dictionary attack” because hackers run through dictionaries and amend words with special characters and numbers, utilizing common passwords downloaded from the internet.
  • Hybrid – A hybrid attack uses a combination of simple and dictionary methods. Attackers combine their knowledge about the targeted user with dictionary words and phrases. This method uses private information such as the user’s birthday combined with a common or popular word.
  • Credential Stuffing – This type of attack also preys on users’ weak password practices. Users often use the same passwords across several sites. An attacker who gains access to user passwords on one site will try the same ones on other sites, accounts, or social media profiles.
  • Reverse Brute Force – This method takes a known password, usually discovered through a network breach, and automatically submits it to an application until a username is found. Attackers who use this method often download a list of stolen passwords from the dark web and apply them to user accounts to find a credential match.

How to prevent brute-force attacks

Several strategies are available to prevent and detect brute-force attacks. They focus primarily on better password practices in your workplace.

  • Use Lengthy and Complex Passwords – A strong rule of thumb is that passwords should be 15 to 64 characters in length and include capital and lowercase letters, symbols, and numbers. Use multi-word passphrases to prevent attackers from succeeding with simple dictionary attacks. And always use unique passwords for every account.
  • Two-Factor Authentication – Should an attacker successfully brute-force a password, two-factor authentication would still block authentication to the account.
  • Limit the Number of Failed Login Attempts – Limiting the number of times a user can re-enter their password credentials reduces the success rate of brute-force attacks by stopping the hacker from repeatedly testing username and password combinations.
  • Require CAPTCHA – Adding a CAPTCHA box to the login process can prevent an attacker from using bots to brute-force their way into a user account or business network. CAPTCHA options include typing the text shown in an image, checking multiple image boxes, and identifying objects that appear.
  • Educate Employees – Make sure users in your organization understand the potential ramifications of a brute-force attack and why security measures and good password practices are important.
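The attack types listed above leave different fingerprints in an authentication log: a simple or dictionary attack piles failures onto one account, while reverse brute force and credential stuffing spread a few attempts across many accounts from one source. The following detector, an added example that is not part of the article and uses a constructed log format and sample data (documentation IP ranges), applies sliding-window thresholds of the kind a failed-login limit relies on to surface both patterns:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article or any real system): 203.0.113.9 hammers
# one account (dictionary brute force); 198.51.100.7 fails against many (reverse brute force).
SAMPLE_LOG = """\
2024-05-01T09:00:01 user=alice src=203.0.113.9 result=FAIL
2024-05-01T09:00:02 user=alice src=203.0.113.9 result=FAIL
2024-05-01T09:00:03 user=alice src=203.0.113.9 result=FAIL
2024-05-01T09:00:04 user=alice src=203.0.113.9 result=FAIL
2024-05-01T09:00:05 user=alice src=203.0.113.9 result=FAIL
2024-05-01T09:01:00 user=bob src=198.51.100.7 result=FAIL
2024-05-01T09:01:01 user=carol src=198.51.100.7 result=FAIL
2024-05-01T09:01:02 user=dave src=198.51.100.7 result=FAIL
2024-05-01T09:01:03 user=erin src=198.51.100.7 result=FAIL
2024-05-01T09:01:04 user=frank src=198.51.100.7 result=SUCCESS
2024-05-01T09:02:00 user=grace src=192.0.2.3 result=FAIL
"""

def parse_line(line):
    """Parse one 'timestamp key=value ...' line into (ts, user, src, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["user"], kv["src"], kv["result"]

def detect(log, window=timedelta(minutes=5), user_threshold=5, source_threshold=4):
    """Return (accounts under brute force, sources failing against many accounts).
    user_threshold:   failed logins against one account within `window` (sliding).
    source_threshold: distinct accounts one source fails against within `window`.
    """
    per_user = defaultdict(deque)    # user -> timestamps of recent failures
    per_source = defaultdict(deque)  # src  -> (timestamp, user) of recent failures
    flagged_users, flagged_sources = set(), set()
    for line in log.splitlines():
        ts, user, src, result = parse_line(line)
        if result != "FAIL":
            continue  # only failures count toward either threshold
        fails = per_user[user]
        fails.append(ts)
        while ts - fails[0] > window:  # age out failures older than the window
            fails.popleft()
        if len(fails) >= user_threshold:
            flagged_users.add(user)
        src_fails = per_source[src]
        src_fails.append((ts, user))
        while ts - src_fails[0][0] > window:
            src_fails.popleft()
        if len({u for _, u in src_fails}) >= source_threshold:
            flagged_sources.add(src)
    return flagged_users, flagged_sources
```

On the sample data, alice is flagged as the target of a brute-force attack and 198.51.100.7 as a source spraying many accounts, while grace’s single mistyped login is not flagged; the same two counters are what a lockout or rate-limit policy would act on.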

Improving your password practices

The likelihood of a brute-force attack succeeding increases significantly when the attacker can submit unlimited guesses, when weak passwords are permitted, and when no additional challenge is required to complete a login. The team at Locknet Managed IT has multiple avenues to help with your password security. Download their Desktop Guide to Strong Passwords to get started. Then, work with their team to layer on additional services like multi-factor authentication, a password manager, and security awareness training for your employees. Contact the team at Locknet to learn more.


Corporate account takeover. Phishing scams. Wire fraud. These are just a few of the cyber security threats businesses face every day. The consequences of a breach can be substantial, with recent reporting showing a median cost of $30,000, while larger organizations have faced losses in the millions.

With these threats on the rise, it is more important than ever to protect your business against cyberattacks. At Platinum Bank, we have multiple products and processes in place to protect our clients’ data. Here are some steps you can take to protect your assets.

Banking Products That Protect against Cyber Security Threats

ACH Filter

An ACH filter prevents unauthorized debits from leaving your accounts. When you set up an ACH filter, you create a list of pre-approved debits and credits. If any requested debit or credit falls outside that list, you are notified that your permission is required to proceed. That way, you have complete control over the money leaving your accounts.

Positive Pay

Positive pay is a sister product to the ACH filter. It works in the same way, but for written checks. You provide your bank with an approved list of checks to go out each month. If any activity falls outside the approved items, you decide whether it should be paid or declined.

Out-of-Band Authorization for Wire Fraud Prevention

Out-of-band authorization protects your accounts against wire fraud. If your bank receives a request for a wire transfer, out-of-band authorization requires the bank to confirm the transfer with you. They must contact you at the phone number on file for your bank account rather than any number provided in the wire transfer request.

Processes and Policies That Protect against Cyber Security Threats

Multifactor Authentication

Multifactor authentication, also known as two-factor authentication, is an increasingly popular tool for protecting banking and other sensitive online accounts.

When you use multifactor authentication to access your online accounts, you will complete an extra step between logging in and accessing your data. Once you’ve provided your username and password, the system will send a verification code to you by email, text, or through an authenticator app. You need to enter that code to access your online accounts. Since it requires access to a separate account or a physical device, multifactor authentication provides very strong protection against cyber threats, so it is ideal to activate it whenever possible. 

Upgrade Passwords to Passphrases

When it comes to passwords, the longer and more complicated, the better. That is why many cyber security experts recommend upgrading passwords to passphrases. A good passphrase is long but easy for you to remember. The length makes it more difficult for bad actors to crack.

Use a Password Manager

Another option is to use a password manager to randomize your passwords. These apps allow you to manage all of your passwords for all of your online accounts from a single dashboard. The manager can assign unique passwords made up of random letters, numbers, and symbols to your accounts. If you use a password manager, it is very important that you secure the manager with a strong passphrase and multifactor authentication. 

Perform Regular Cyber Security Audits

Annual outsourced audits of cyber security protocols are important components of any business’s cyber security plan. Many IT companies offer cyber security audits, where they run tests on security measures and even test employee compliance with cyber security policies.

How Platinum Bank Protects Banking Customers

Platinum Bank offers ACH Filter, Positive Pay, and out-of-band wire fraud protection to our clients. Internally, we implement and continuously improve on our own cyber security program, which includes automated processes to flag suspicious activity, dual controls for wire requests, and a multilayered security program. Our staff regularly participates in cyber security training to combat phishing attacks and other cyber threats.

At Platinum Bank, we are committed to keeping our clients’ data safe. Get in touch with us today to help ensure your business is protected.