Welcome to our Blog page. Here, you can read our firm’s latest blog posts about timely tax, accounting and audit issues.

CyberAttacks

How a Vulnerability Assessment Can Help Thwart Cyber-Attacks

Posted by Jason Cope, CPA on Apr 23, 2019 10:28:22 AM

Cybersecurity is a growing concern within virtually every corner of our lives, from data breaches at work to attacks from malicious hackers on your home computer. Consider that in the first three months of 2018, the city of Fort Worth’s technology team blocked almost 17 million attempts to breach passwords. Forty-two of 49 Texas law firms recently surveyed reported they were victimized by a cyber-attack in the last two years. 

As businesses have become more digital, cyber-attacks have become lethal for any organization. And as cybercriminals become bolder and more sophisticated, cyber threats have become a point of emphasis in business vulnerability assessments. Even businesses that have already committed resources to combat cyber-attacks – including spending substantial amounts to protect networks and data – remain at risk. 

Instead of sorting through the wreckage after a devastating attack, it’s essential to be proactive about protecting your company. Along with IT, vulnerability assessments have a critical role to play in assessing external and internal vulnerabilities to an organization’s IT infrastructure, identifying risks and recommending ways to strengthen internal security. A cybersecurity vulnerability assessment can help identify vulnerabilities that exist in a business’ infrastructure.

Independent Assessment of Controls

Notably, enhanced cybersecurity typically requires robust risk management procedures and practices, identification of coverage gaps, and measures addressing those issues. 

With a vulnerability assessment, an organization receives a detailed report advising the systems tested, the vulnerabilities identified, and recommendations to address the risk. 

Beyond a vulnerability assessment, an organization can also perform penetration and social engineering testing. These tests are more specific and are designed to mimic the methods of hackers trying to penetrate an organization's IT systems, as well as test an organization’s employees knowledge of their role in maintaining cybersecurity. The results of these tests provide clear indications of an organization's weaknesses and provide opportunities for education of a company’s employees.

 To this end, the following are several practical suggestions for improving cybersecurity through a vulnerability assessment. 

  • Work with top-notch professionals. Don’t leave the particulars to people who are inexperienced or unprepared. Assemble a team that has the requisite knowledge and skills to assess your particular risks and spearhead the necessary modifications. You should rely on audit professionals with technological backgrounds who can do the job right the first time. 
  • Evaluate the entire cybersecurity system, not just some of the components. It’s not enough to selectively focus on certain cybersecurity aspects. An in-depth vulnerability assessment will examine the entire framework, from top-to-bottom, to expose both the core and branches of any potential problems.     
  • Consider this only one step in the process. Don’t think of the vulnerability assessment as your only responsibility for addressing cybersecurity risks. It is part of a comprehensive information security program that may identify other issues and spur further inspection, assessment, and resolution. 

Learn more about cybersecurity measures for your company by attending our upcoming presentation: Cybersecurity: What to do now to fight hackers and cyberattacks – AND WIN, on Thursday, May 9, 2019. Check here for details and registration information.

Goldin Peiser & Peiser works with companies on strengthening their internal controls. For more information about our Audit and Assurance Services Group at Goldin Peiser & Peiser, please contact Jason R. Cope, CPA, at 214-635-2546.

Cybersecurity is a growing concern within virtually every corner of our lives, from data breaches at work to attacks from malicious hackers on your home computer. Consider that in the first three months of 2018, the city of Fort Worth’s technology team blocked almost 17 million attempts to breach passwords. Forty-two of 49 Texas law firms recently surveyed reported they were victimized by a cyber-attack in the last two years. 

As businesses have become more digital, cyber-attacks have become lethal for any organization. And as cybercriminals become bolder and more sophisticated, cyber threats have become a point of emphasis in business vulnerability assessments. Even businesses that have already committed resources to combat cyber-attacks – including spending substantial amounts to protect networks and data – remain at risk. 

Instead of sorting through the wreckage after a devastating attack, it’s essential to be proactive about protecting your company. Along with IT, vulnerability assessments have a critical role to play in assessing external and internal vulnerabilities to an organization’s IT infrastructure, identifying risks and recommending ways to strengthen internal security. A cybersecurity vulnerability assessment can help identify vulnerabilities that exist in a business’ infrastructure.

Independent Assessment of Controls

Notably, enhanced cybersecurity typically requires robust risk management procedures and practices, identification of coverage gaps, and measures addressing those issues. 

With a vulnerability assessment, an organization receives a detailed report advising the systems tested, the vulnerabilities identified, and recommendations to address the risk. 

Beyond a vulnerability assessment, an organization can also perform penetration and social engineering testing. These tests are more specific and are designed to mimic the methods of hackers trying to penetrate an organization's IT systems, as well as test an organization’s employees knowledge of their role in maintaining cybersecurity. The results of these tests provide clear indications of an organization's weaknesses and provide opportunities for education of a company’s employees. 

To this end, the following are several practical suggestions for improving cybersecurity through a vulnerability assessment. 

  • Work with top-notch professionals. Don’t leave the particulars to people who are inexperienced or unprepared. Assemble a team that has the requisite knowledge and skills to assess your particular risks and spearhead the necessary modifications. You should rely on audit professionals with technological backgrounds who can do the job right the first time. 
  • Evaluate the entire cybersecurity system, not just some of the components. It’s not enough to selectively focus on certain cybersecurity aspects. An in-depth vulnerability assessment will examine the entire framework, from top-to-bottom, to expose both the core and branches of any potential problems.     
  • Consider this only one step in the process. Don’t think of the vulnerability assessment as your only responsibility for addressing cybersecurity risks. It is part of a comprehensive information security program that may identify other issues and spur further inspection, assessment, and resolution. 

Learn more about cybersecurity measures for your company by attending our upcoming presentation: Cybersecurity: What to do now to fight hackers and cyberattacks – AND WIN, on Thursday, May 9, 2019. Check here for details and registration information.

Goldin Peiser & Peiser works with companies on strengthening their internal controls. For more information about our Audit and Assurance Services Group at Goldin Peiser & Peiser, please contact Jason R. Cope, CPA, at 214-635-2546.

Note: This content is accurate as of the date published above and is subject to change. Please seek professional advice before acting on any matter contained in this article.

Topics: cybersecurity, cyberattack