Vulnerability Assessments and Penetration Testing

Vulnerability Assessment Services

Vulnerability assessment is the in-depth evaluation an organization's cybersecurity infrastructure to identify vulnerabilities in order to prioritize and remediate them. Remediation deters cybercriminals from taking advantage of system weaknesses to steal sensitive data and other digital assets. 

Vulnerabilities can be present either physically, digitally, or socially. An example of a physical vulnerability could be a hospital with passwords to confidential information lying on a counter or displayed on an open screen. A digital vulnerability may take the form of an outdated firewall or other infrastructure, poor password policies, or unpatched software. Social vulnerabilities consist of human weaknesses that enable hackers to socially engineer or “phish” their targets. A hacker may employ false pretenses to manipulate a targeted employee, spoofing a legitimate source in an email, for example. The hacker exploits human vulnerability to gain access to credentials or other sensitive information.

These vulnerabilities, if not addressed promptly and effectively, can result in hacks, attacks, ransom demands, and other cybercrimes that impact an organization's brand, reputation, and budget. Affected clients may change brands after having their data hacked, or file lawsuits. Numerous regulations such as GLBA, FFIEC, FIPA and others require organizations to protect the data in their systems, and many apply financial penalties for non-compliance. In the healthcare industry, for example, the HHS Office for Civil Rights regularly investigates HIPAA violations and imposes penalties and mandatory corrective action plans on violators.