May 20, 2020
Assessing the ‘New Normal’ of Cybersecurity
Security assessments can help organizations uncover vulnerabilities introduced by new technologies.
Then the videobombers hit.
Strangers began infiltrating online meetings — shouting profanities, sharing obscene images and generally causing chaos. Many organizations had to scramble to either switch tools or enact new security measures.
This scenario illustrates how easily problems can pop up when organizations are forced to deploy new IT solutions in a hurry. Videoconferencing is, of course, far from the only new tool nonprofits and other organizations are deploying as they race to transition to a work-from-home model. As they seek to enable remote work, many organizations are implementing new ways for employees to access and share data.
This is all necessary to enable business continuity, but it’s possible (and perhaps even probable) that organizations are unwittingly opening up new security vulnerabilities as they introduce new technologies and workflows. And very likely, these threats will be much more subtle than pranksters taking over video meetings; these are threats that could lurk inside an organization for years, discovered only after they result in a significant data breach.
For the moment, many organizations are still simply trying to support continued operations. But when the dust settles, they’re going to need to take a close look at the security of their new environments. For many organizations — especially smaller and midsized outfits — this becomes a problem of “you don’t know what you don’t know.”
Unless an IT shop employs professionals with deep expertise in cybersecurity, the prospect of hunting around for unknown security gaps can be incredibly daunting. That’s where cybersecurity assessments from a partner like CDW come in.
A Variety of Assessment Services
CDW offers a range of assessments, including our Rapid Security Assessment and our Comprehensive Security Assessment. Both of these services involve CDW’s cybersecurity experts looking under the hood of an organization’s IT systems, probing for vulnerabilities and attempting to circumvent existing security solutions.
Typically, a Rapid Security Assessment engagement will include the following:
- A scan of internet-visible hosts and a test of vulnerabilities
- Internal network vulnerability scans and penetration tests of key IT assets
- An audit of passwords and password-related policies
- Testing of wireless security at one site
- A social engineering exercise to assess vulnerability to phishing
A Comprehensive Security Assessment engagement will often include:
- Discovery of IT assets (including unknown assets and networks)
- In-depth penetration testing
- Audit and review of multiple Active Directory domains
- Complete vulnerability scan of internal and external systems, as well as scanning and assessment of websites and applications
Once business and IT leaders have a better idea of the vulnerabilities in their environments, they can make informed choices about how to move forward. Many end up contracting with CDW for roadmapping or remediation services, for instance. And some opt for ongoing engagements, such as our virtual CISO program, where CDW essentially acts as an organization’s chief information security officer. We also offer both no-cost and paid retainer programs, which help organizations respond rapidly if they do suffer a breach.
Too often, organizations wait until after they’re successfully attacked to take a serious look at cybersecurity. But this period of great change should motivate organizations to be proactive and take steps to stop potential problems before they start.