To understand how often vulnerability scanning should be performed, it’s important to delve into the drivers behind this objective. Vulnerability management includes the treatment of risks identified during the vulnerability assessments. This is a vital element of the risk management regime for any organisation. Without making informed choices around risk appetite, an organisation may not get the best out of a vulnerability management programme.

Here is a simple illustration of how the principle of least privilege works. Remember when you installed Whatsapp? You most likely got a prompt asking you to click “Allow” so the app could access your media, run in the background, or manage contacts. In that instance, you were extending privileged access to the application, so it runs effectively for you.

With high-risk vulnerabilities popping up every other week, realising there is no such dream ‘patch everything’ and configuration changes slowly add up to weakening your infrastructure security. Vulnerability management and scanning are core components of a solid cyber security strategy, ensuring a sound risk management process. Vulnerability management helps an organisation keep an eye on their assets, both from asset management and operational security.

Businesses not taking cyber security seriously are undermining how important it is for growth. Cyber security is covers all aspects of protecting our sensitive data held in various forms, such as personally identifiable information (PII), health records, intellectual property, industrial systems, critical infrastructure, governments and military information.

The Cyber kill chain, also called CKC, is a phase based cybersecurity model developed by Lockheed Martin. It is co-opted from the military term ‘kill-chain’ used to break down the structure of an attack. The team developed the model to help security teams understand with break down of an externally originated attack into seven different steps. It helps teams to learn how cyber attacks work and help prepare the defensive controls of an organisation.

Patch management is the process of tracking security bug(s) and applying updates (code changes) on them in existing applications, software, or programs on a computer and other technologies to improve the functionality and security of already released programs installed in systems.

The cyber threat landscape evolves every day following the most basic to more advanced types of cyber attacks that makes daily headlines. It is due to data breaches, causing reputational, financial losses and regulatory penalties. Our aim with this article is to update the reader on various types and categories of cyber attacks that help them make informed decisions about their business to identify what is important and how it should be protected.