Wednesday, September 5, 2012

A Vulnerable Network Can Cost Your Business

Did you know that a vulnerability scanner can save you money? If you look at the various reports that have come out regarding the costs of security incidents, you will find that the per incident cost can range from a few thousand dollars to several million.
Last year, a Bloomberg report cited a study by the Ponemon Institute that found that the costs of security incidents involving credit card or social security number breaches cost an average $7.2 million per incident. Even on the low side, a report co-sponsored by HP put the average cost of a security incident at $416,000. When you compare this to the costs of identifying and properly securing a company’s vulnerabilities before a breach occurs, it seems obvious that securing your systems is the most economical approach to take. But before we look at how to approach this, consider the longer term impacts of a security breach.
A vulnerable network can cost your business in more ways than one. The expenses associated with cleanup pale in comparison to the costs from a damaged reputation. Lost business, reduced consumer confidence and the long term press coverage that comes with any security incident will have a financial impact that can last years beyond the actual event. While it is impossible to attach an accurate dollar amount to what might have been, you have to consider the revenue lost because a potential customer chose your competitor in part because they weren’t sure about entrusting their business with a company that has had a security incident.
The sad thing most businesses find out too late is that the costs of remediation would have been far less. Whether your costs are on the low end or the high, the simple fact is that practically all security incidents are avoidable, if you know where to look. And that is where a vulnerability scanner comes into play.
A vulnerability scanner is a tool you use to assess the state of your workstations and servers. When you use a vulnerability scanner, you examine all the systems connected to your network. This assessment will not only tell you what state your systems are in, it also gives you the same sort of information malicious attackers will have into your systems.  
You can use a vulnerability scanner to assess their patching level and the services running on them. You can also check for common misconfigurations that can lead to security incidents, and other vulnerabilities such as weak or default passwords. A vulnerability scanner provides you with the information you need to go about securing your systems, addressing configuration issues, and ensuring that you computers are secure.
Use a vulnerability scanner regularly, update your scanner’s definitions each time you use it, and scan your systems both from the outside and within. Regular scanning ensures that as new systems are brought online or configuration changes are made, you will detect any new vulnerabilities that are introduced or discovered on your network. By scanning externally, you can see things the way attackers over the Internet do, and by scanning internally, you can get a feel for your exposure to inside threats, whether those are malicious or merely curious users, malware, or other potential threats.
The costs of a vulnerability scanner are a fraction of the costs associated with even a minor security incident, and the money you will save remediating issues before they become incidents will repay you many times over. Start using a vulnerability scanner today to save money, protect your reputation and to help secure your customers’ continued loyalty.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner.