The Case for a Third Party Vulnerability Assessment

Over the last several years we have seen major corporations and government entities fall victim to cybercrimes, such as Ransomeware, traditional hacking through back doors created by viruses and Trojan horses or software vulnerabilities.

With all the negative publicity related to these breaches, you would think that cyber security would be the number one concern of business leaders today and organizations would’ve taken the necessary steps to protect their customer information and intellectual property. Sadly, most organizations are not adequately protected or prepared to handle a cyber-attack. These companies typically fall into one of two categories; companies that have a false sense of security and companies that do not take the threat seriously.

“The threat is incredibly serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, are targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators.” – Federal Bureau of Investigation (FBI) Cyber Division

Over the last few years I’ve seen ransomware circumvent even the most up-to-date and restrictive anti-viruses software to date. Ransomware is a constantly evolving entity with new revisions popping up constantly. According to Intel Corp.’s McAfee Labs Ransomware is projected to grow in 2016.

It’s not that organizations don’t care about cybersecurity, they are just misinformed or have bought into one or more of the common misconceptions below:

  • We have a Firewall and an Intrusion Detection System (IDS) so we’re fine.
  • We are a small company no one wants to hack us.
  • We patch our servers monthly so we are ok, right?
  • The IT guy said we are protected.
  • This is an IT problem.

According to a research survey conducted by Osterman Research, Inc. in 2016

  • 34% of organizations had an email phishing attack successfully infiltrate their network
  • 30% of organizations had one or more endpoints infected with Ransomeware
  • 29% of organizations had malware infiltrate through an unknown source
  • 17% of organizations had sensitive/confidential info leaked through email
  • 14% of organizations had an email spear phishing attack successfully infect one or more senior exec’s computer
  • 12% of organizations were successfully infiltrated by a drive-by attack from employee Web surfing
  • 11% of organizations were victims of a CEO Fraud/Business Email Compromise Attack

“An ounce of prevention is better than a pound of cure”

Proactively identifying and correcting vulnerabilities is critical to protecting your business from cyber-attacks. It is imperative that organizations have a third party vulnerability assessment performed at least once per year and have appropriate remediation steps taken.

A Vulnerability Assessment focuses on the identification of vulnerabilities, remediation of those vulnerabilities and improving the capacity to manage or prevent future incidents

For more information visit

How can we help you?

Contact us today with any questions or concerns on how to streamline your information technology system.

Think technology. Think business. Think SōtirIS.