Vulnerability assessment is the process of breaking down a client’s cybersecurity infrastructure and finding the vulnerabilities in it. Vulnerabilities can be physical, digital or social. An example of a physical vulnerability is a hospital where the passwords to confidential information are left lying on a counter, or where that information is displayed on a screen. Digital vulnerabilities are what one commonly thinks of when thinking of cybersecurity: a weak firewall, simple passwords and the like. Social vulnerabilities are the places where a hacker can socially engineer or “phish” his target. As an example of social engineering, a hacker may try to gain access to secure premises under false pretenses. The hacker then manipulates the targeted personnel and uses them to gain access to the desired information. As an example of phishing, the hacker could email a high-ranking member of the company and try to obtain private information under the guise of being the company’s Internet Service Provider.
These vulnerabilities can create significant problems, such as lack of compliance and damage to one’s reputation. There are many regulations that businesses must comply with to stay within the law, such as HIPAA, GLBA, FFIEC, FIPA and others. A business can lose 50,000 dollars per HIPAA violation, with a maximum of 1.5 million dollars a year. These vulnerabilities, if recognized, can also damage a company’s reputation: a history of insecurity and an inability to protect the information of the company’s clientele is not easy to come back from.