Cyberattacks have become so common that you can expect to see news about a breach every week. Just recently, Twitter experienced a breach that affected high-profile US Twitter accounts. This attack highlights the need for proactive security measures, such as vulnerability scans.
Today’s hyper-connected world calls for extreme vigilance and knowledge of the ever-present threat of cyberattacks. These cyberattacks typically exploit vulnerabilities to breach your networks. What better way to prevent these attacks than to conduct regular vulnerability scans?
What Is a Vulnerability Scanner?
Your network is constantly exposed to threats and loopholes that could result in catastrophic incidents for your business if threat actors were to identify them. Vulnerability scanners help you identify these weaknesses before threat actors can find them. They scan your system or network and compare the results against pre-established vulnerability databases. Some common vulnerability scanners include ImmuniWeb, Tripwire IP360, Paessler PRTG, and Acunetix.
How to Effectively Use Vulnerability Scanners
To use vulnerability scanners effectively, you need to scan your system and network often, because the databases that contain recently discovered vulnerabilities are updated often. Ideally, a dedicated team should be in charge of these scans.
Once a scan is done, the team will assess the resulting reports. If they identify an issue with your system, they will suggest a remedy for mitigating the risks involved. Most databases tend to suggest solutions for the vulnerabilities they expose.
Types of Vulnerability Scans
Cyberattackers target flaws or vulnerabilities in networks, systems, and web applications with the sole purpose of exploiting them. For example, when dealing with application vulnerability management, the developers will seek to identify vulnerabilities, such as SQL injection, cross-site scripting, security misconfiguration, failure to restrict URL access, and LDAP injection.
To identify such vulnerabilities, organizations employ different vulnerability scans based on their testing objectives. The most common vulnerability scans include:
- External Vulnerability Scans
External scans aim to identify threats that can arise from outside your network, especially on externally facing services. They are targeted at external IP addresses and ports.
For instance, they can help you assess new services and servers launched since the last time you conducted a scan and any threats associated with them. Some common threats you can find include having servers configured with deprecated services and unsecured transfer protocols. Ideally, you should perform these scans once each month to avoid over/underdoing them. A good example of these scanners is ImmuniWeb.
- Internal Vulnerability Scans
Cybersecurity threats can originate from anywhere, even from within your network. Don’t focus all of your resources on external threats and forget that disgruntled employees can target your network. You could also have missed a threat that seeped through your defences. This kind of threat could open up your network to attacks.
You need to perform an internal vulnerability scan to identify these threats. It also seeks to identify vulnerabilities such as encryption weaknesses, missing patches, and configuration weaknesses.
Keep in mind that internal scans are more complicated compared to external scans as they seek to assess your internal assets. These assets include everything in your network, such as vulnerable software. An internal scan will focus on your network’s internal components, searching for possible vulnerabilities and any other points of exploitation. A good example of such scanners is the Paessler PRTG.
- Environmental Vulnerability Scans
These scans are specific to certain IT environments, including mobile device-based environments, cloud-based environments, IoT devices, etc. Most of these environments are semi-isolated from the entire organization’s network, but they could wreak havoc to the rest of the network if a breach were to occur. Tripwire IP360 is a good example of such scanners.
For instance, IoT systems tend to be less secure than normal devices since most are designed with security as an afterthought. In turn, most manufacturers work overtime to identify security loopholes before sending out updates to patch these issues. A vulnerability scan will identify unpatched weaknesses in your IoT environment, which can be insightful in protecting your organization.
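The external-scan review described above (services launched since the last scan, plus deprecated services and unsecured transfer protocols) can be automated by comparing two scan snapshots. This is an added example, not code from the original article or from any scanner named in it; the snapshot format, the `INSECURE_SERVICES` policy set and all function names are assumptions, and the scan data is constructed.

```python
from dataclasses import dataclass

# Assumption: services treated as deprecated or cleartext; adjust to your policy.
INSECURE_SERVICES = {"telnet", "ftp", "http"}

# Constructed scan snapshots, one "host port service" entry per line.
# Addresses come from the 203.0.113.0/24 documentation range.
LAST_MONTH = """
203.0.113.10 443 https
203.0.113.10 8080 http
203.0.113.20 21 ftp
"""
THIS_MONTH = """
203.0.113.10 443 https
203.0.113.20 21 ftp
203.0.113.30 23 telnet   # server launched since the last scan
203.0.113.30 443 https
"""


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    name: str


def parse_snapshot(text):
    """Turn 'host port service' lines into a set of Service records."""
    services = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        host, port, name = line.split()
        services.add(Service(host, int(port), name.lower()))
    return services


def review_external_scan(previous, current):
    """Report services that appeared, disappeared, or are insecure right now."""
    prev, cur = parse_snapshot(previous), parse_snapshot(current)
    order = lambda s: (s.host, s.port)
    return {
        "new": sorted(cur - prev, key=order),
        "closed": sorted(prev - cur, key=order),
        "insecure": sorted((s for s in cur if s.name in INSECURE_SERVICES), key=order),
    }


if __name__ == "__main__":
    report = review_external_scan(LAST_MONTH, THIS_MONTH)
    for label, services in report.items():
        for s in services:
            print(f"{label:9} {s.host}:{s.port} {s.name}")
```

A service can appear under both "new" and "insecure", as the telnet listener does here; that combination is the one to look at first after each monthly scan.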
How Effective Is Vulnerability Scanning?
Vulnerability scanning is effective in identifying vulnerabilities in a network. In fact, 60 per cent of security breaches occur despite there being an existing patch for the vulnerability involved. A scan generates a report of its findings, which you can use to patch the vulnerabilities. However, it’s more effective when combined with other cybersecurity measures, such as penetration testing and vulnerability assessment.
Vulnerability Scan vs. Penetration Test vs. Vulnerability Assessment
These three terms are often used interchangeably, but they don’t have similar meanings. For example, you might ask for a penetration test, but what you really need is a vulnerability assessment. To avoid this confusion, learn to differentiate the three.
What Is a Vulnerability Scan?
A vulnerability scan is run by automated software that tries to identify vulnerabilities in your network or system. It’s a simple process, as explained earlier. It merely identifies the vulnerabilities based on a database of vulnerabilities.
While these scans are important, you shouldn’t rely solely on them. If you run a vulnerability scan and the report indicates that your system has no vulnerabilities, it doesn’t necessarily mean that your system is fine. Vulnerability scans play an important role in improving an organization’s security, but they aren’t enough. You need a comprehensive cybersecurity strategy that includes vulnerability assessment and penetration testing.
What Is a Vulnerability Assessment?
A vulnerability scan will identify the weaknesses and flaws in your network, but it doesn’t explain the magnitude of these vulnerabilities. You’ll know your network has vulnerabilities, but you’ll have no idea of the extent of the damage that these vulnerabilities can inflict on your business.
To understand the damage that these vulnerabilities can cause, you need to conduct a vulnerability assessment, as it takes into account all the assets in your IT infrastructure.
The first stage of the vulnerability assessment is to match all the assets in your environment with their vulnerabilities. This will include your networks, hardware, software, web applications, etc.
Once you’ve matched assets with their vulnerabilities, you will start evaluating the effects the vulnerabilities can have on your business. This will typically require you to assess the impact a weakness can have and the probability of it occurring.
A vulnerability assessment is considered essential as it gives you an idea of what your system can handle, the threats it’s facing, and the magnitude of the threats.
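The two assessment stages described above (match each finding to an asset, then weigh impact against probability) can be sketched as a small ranking script. This is an added example, not code from the original article; the 1 to 5 scales, the impact times likelihood score, and every asset name and finding are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: asset -> business impact if compromised (1 minor, 5 critical).
ASSETS = {
    "web-frontend": 4,
    "customer-db": 5,
    "build-server": 3,
    "office-printer": 1,
}

# Constructed scanner findings: (asset, weakness, likelihood of exploitation 1-5).
FINDINGS = [
    ("office-printer", "default admin password", 5),
    ("customer-db", "missing security patch", 3),
    ("web-frontend", "SQL injection", 4),
    ("build-server", "weak TLS configuration", 2),
    ("legacy-ftp", "unsecured transfer protocol", 4),  # host missing from inventory
]


@dataclass
class RankedFinding:
    asset: str
    weakness: str
    impact: int
    likelihood: int

    @property
    def risk(self):
        # Assumed scoring model: impact multiplied by likelihood.
        return self.impact * self.likelihood


def assess(assets, findings):
    """Stage 1: match findings to assets. Stage 2: rank them by risk score."""
    ranked, unmatched = [], []
    for asset, weakness, likelihood in findings:
        if asset not in assets:
            # A finding on an unknown asset is an inventory gap, not a zero risk.
            unmatched.append((asset, weakness))
            continue
        ranked.append(RankedFinding(asset, weakness, assets[asset], likelihood))
    # Highest risk first; ties go to the asset with the larger business impact.
    ranked.sort(key=lambda f: (-f.risk, -f.impact, f.asset))
    return ranked, unmatched


if __name__ == "__main__":
    ranked, unmatched = assess(ASSETS, FINDINGS)
    for f in ranked:
        print(f"risk {f.risk:2}  {f.asset:15} {f.weakness}")
    for asset, weakness in unmatched:
        print(f"NOT IN INVENTORY  {asset}: {weakness}")
```

The printer's finding is the most likely to be exploited yet ranks last once impact is considered, which is the difference between a scan report and an assessment.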
What Is Penetration Testing?
The primary aim of vulnerability assessments and vulnerability scans is to identify vulnerabilities; in contrast, penetration testing seeks to exploit these vulnerabilities. Penetration tests are typically conducted by third parties several times a year as opposed to vulnerability scans, which are conducted more frequently.
Penetration testing begins by identifying weaknesses such as insecure business processes, vulnerable databases, etc. In the next phase, the penetration tester tries to exploit these vulnerabilities.
All three are important and should be part of your cybersecurity strategy. However, you should prioritize vulnerability assessments to keep up with ever-lurking cyberattackers. In contrast, penetration tests can be performed once or twice a year.
Wrapping It Up
Cyberattackers will always try to breach your security, and their primary target will be vulnerabilities that they can exploit. As long as you’re in a connected world, there is always a risk that your network will be hacked. Hackers will breach even the best defences as long as there is a weak link.
However, you can prevent these attacks by constantly scanning your IT infrastructure for vulnerabilities. Don’t stop there. Conduct a vulnerability assessment to help you identify these vulnerabilities, and rank them according to the degree of damage they can cause. Include penetration testing bi-annually or annually to test how your IT infrastructure would fare against an external attack.
Cyberattackers are constantly poking around your network looking for weaknesses, and if you don’t implement measures to strengthen your cybersecurity, they will eventually find these flaws and exploit them. You don’t need complex security measures; a simple vulnerability scan will act as a good starting point.
2021 FOYA Awards Nomination Thrills Chidi Nwaogu
By Modupe Gbadeyanka
A serial tech entrepreneur and co-founder of Publiseer and Savvy, Mr Chidi Nwaogu, has been nominated as Techpreneur of the Year at the 2021 FOYA Awards.
The event has been an annual awards ceremony since 2016 and was conceived to serve the strategic objective of retaining, rewarding, and recognizing high-quality entrepreneurs and SMEs in Africa.
The nomination has thrilled Mr Nwaogu, who has expressed optimism about winning the category, as Publiseer, a digital content distribution company, has helped over 6,000 underserved African creatives living in low-income and disadvantaged communities to earn a living from the sales of their creative works.
The platform has been described by Konbini as “one of the largest digital publishers in Africa” and identified by IFC as one of the startups “that could speed up innovation in Africa.”
The nominee is also the co-founder and Head of Program at Savvy, a global fellowship program that has equipped over 3,900 passionate and brilliant young individuals from 136 countries, with the necessary knowledge, skills, resources, tools, and support community that they need to start their own impact-driven business in a post-COVID era and succeed as social entrepreneurs.
For his works at Publiseer, Mr Nwaogu won the 2020 Migration Entrepreneurship Prize by the Swiss Government, the 2019 Africa 35.35 Award for Entrepreneurship, the 2019 Young Leaders Award for Media and Entertainment, and the 2019 Bizz Business Excellence Award.
He is a 2020 Acumen Fellow (West Africa), 2020 Alibaba eFounders Fellow (China), 2019 Westerwelle Fellow (Germany), 2019 African Presidential Leadership Fellow (Cairo), and 2019 Yunus&Youth Fellow (New York).
FOYA Awards is designed to recognize and appreciate young founders contributing to the African continent’s economic growth while creating employment and other income-generating opportunities through entrepreneurship, thereby inspiring others to be founders in their own right.
The platform has developed into a convening agent for actors in the youthful entrepreneurship ecosystem attracting and stewarding access to relevant investors, not-for-profit leaders, influential personalities, and government officials to address everyday challenges and devise impactful, lasting solutions.
Study Shows 70% of Nigerian Businesses Unaware of Privacy Laws
By Modupe Gbadeyanka
A recent survey conducted by WorldWideWorx and commissioned by a global technology company, Zoho, has revealed that 70 per cent of Nigerian businesses are unaware of privacy laws governing their marketing activities.
This is despite the Nigeria Data Protection Regulation (NDPR) being in effect since 2019. The survey also revealed that even though businesses are concerned about the privacy of customers’ data in the hands of third-party vendors, they are reliant on them for revenue generation and gathering customer insights. This makes it harder for them to move away.
The CEO of WorldWideWorx, Mr Arthur Goldstuck, said the lack of awareness about the law is largely because these regulations are not part of business-critical activities like taxation and licensing.
However, he noted that 78 per cent of the businesses indicated that they have well-documented policies for customer data protection.
“This is likely following fear of NDPR violation, which has made headlines in Nigeria, even so, only 60 per cent are strictly applying them,” said Mr Goldstuck.
Third-Party Trackers and Ad Platforms
Of the 319 businesses surveyed across various industries and sizes, 45 per cent said they allow third-party trackers on their website, mostly for sharing content on social media (62 per cent) and gathering analytics on their website visitors (35 per cent).
There is also heavy dependence on digital ad platforms. The respondents believe that keyword search ads (59 per cent) and social media ads (52 per cent) are quite effective for customer conversion.
In fact, 78 per cent of businesses said the third-party ad platforms either help them meet or are a primary factor in achieving their sales goals.
Given this reliance on third-party vendors, it is no wonder then that, even though 85 per cent of businesses express concern over the use of their customers’ data, they are largely either ‘comfortable’ or ‘neither comfortable nor uncomfortable’ with the platforms.
Even the 18 per cent who are ‘uncomfortable’, state that they cannot move away from the platforms as they are crucial to their business or that it is too complex to move away.
Interestingly, 24 per cent of businesses reported that they do not completely understand how third-party trackers and ad platforms utilise the collected customer information.
“When businesses choose to use a free tracker, they are paying for it with their consumer’s data,” said Andrew Bourne, Regional Manager for Africa, Zoho. “At Zoho, we refer to this practice of third-party trackers collecting data without user knowledge as adjunct surveillance. Presently, Nigerian businesses turn a blind eye to this passive data collection by trackers, most likely, because they are dependent on them for revenue.
“However, consumers will eventually trust companies with transparent privacy policies that protect their personal information. Businesses hoping to stay relevant in the long term will need to either rethink their reliance on third-party platforms or demand greater transparency and accountability from them.”
Zoho had removed third-party trackers from its website in 2020 and has never sold customer data to anyone or shown ads, even in their free products.
Zoho also owns its data centres and the entire technology stack of its solutions. It can, therefore, assure its users of the highest standards of privacy and security.
Nigerian businesses believe that NDPR has had either no effect (39 per cent) or a positive effect (42 per cent). Their biggest concerns with the law are increased complexity (36 per cent) and the increased cost of governance (34 per cent). As per Mr Goldstuck, the cost of governance will be a major concern for SMEs.
For context, all businesses in Nigeria (regardless of size) need to appoint a privacy/information officer to oversee the protection of customer information.
Larger businesses can appoint their CIOs or IT leads in this new role, while smaller businesses may have to appoint their managing directors or business owners in the same role.
For smaller businesses, in particular, this can be a daunting task as the person in charge can be held personally liable for data leaks or breaches as per the law.
Truecaller Rolls Out SMS Filter Feature
By Adedapo Adesanya
The world’s most trusted and accurate Caller ID and telephone search engine, Truecaller, is rolling out a new feature called Smart SMS to further augment the user experience.
It has been introduced based on user feedback and is designed to cater to the evolving needs of consumers. The new feature offers a host of new services to make day-to-day communication a lot more convenient.
It is powered by state-of-the-art machine learning models that adapt based on the feedback given to it and supports users with important messages from banks, billers, travel companies, delivery companies and so much more.
Smart SMS also helps users stay protected from spam and fraud. Only the essential information within an SMS is highlighted and all SMS messages are categorised and easily accessible.
Truecaller noted that, from keeping track of users’ expenses to flagging last-minute changes to their travel, Smart SMS is the future of SMS that will make life a whole lot easier.
Commenting on the new addition, Mr Zakaria Abdulkadir Hersi, Director of Business Development & Partnerships Africa at Truecaller said: “Roughly 80% of SMSes one receives daily are from businesses, disengaging users from important/useful messages. To combat that, SMS apps need to become smarter by filtering out spam and categorising useful information.
“At Truecaller, we constantly strive to offer the best user experience by adding unique features that fit in with our core mission: to make communication safer and more efficient for everyone.
“Truecaller has evolved into a powerful communication hub and for the people who wish to use the app to its fullest, we want to streamline the experience as much as possible for an efficient calling and messaging experience for our end user.”
Truecaller uses the same powerful algorithms used to identify spam callers in SMS as well. The SMS intelligence is built into the app itself and it can work offline – nothing leaves your device, including all OTPs, bank SMSes and financial information.
The feature also offers a Smart Inbox that identifies unknown SMS sender numbers and SMS sender IDs are resolved to business names with logos.
Truecaller helps users know who’s getting in touch by providing a search engine for telephone numbers, filtering out unwanted calls and SMS and focusing on what really matters.
The company provides services such as a dialer that offers caller ID, spam detection, messaging & more. Truecaller’s mission is to build trust everywhere by making communication safe & efficient.
Headquartered in Stockholm, Sweden, the company was founded in 2009 by Alan Mamedi & Nami Zarringhalam. Investors include Sequoia Capital, Atomico & Kleiner Perkins.