Creating a strong collective response to a cyber attack or breach begins with understanding the vulnerabilities an institution faces and the probability of these vulnerabilities being exploited. Knowing which vulnerabilities are most likely to result in an attack or breach, and which could have the largest impact on the institution, helps it allocate resources where they matter most for defending against and responding to cyber threats.
Internal vulnerabilities are the aspects of cybersecurity that your institution has direct control over. The eight most significant internal vulnerabilities, as uncovered by a Harvard Business Analytics survey, are:
1. Organizational complexity.
Cybersecurity isn’t just a tactical activity. It’s a strategic one. The larger an organization, the more moving pieces it has. Failing to include cross-functional departments can actually increase vulnerability and complicate an organization’s response. If there isn’t a clear, top-down approach to cyber strategy, it’s easy for details to get lost in the shuffle.
2. Cybersecurity silos.
When just one area or individual, such as the chief information officer (CIO) or the IT function, is tasked with planning for and responding to cybersecurity events, it hinders the institution’s ability to respond effectively to the threat. There needs to be input and buy-in from the rest of the organization.
3. Insufficient data inventory and monitoring processes.
An institution needs to know where its GLBA-protected data resides and have mechanisms in place to detect a breach. If data inventory or monitoring processes are inefficient, fragmentary, or sporadic, they create gaps in detection efforts.
4. Failure to regularly update inventory of vulnerabilities.
It’s hard to prepare for and protect against a cyber threat if you don’t know it exists.
5. Fragmented data management systems.
Data is everywhere. It’s on vendor systems, in data centers, and on backup systems. That creates challenges because there is no real centralized system to discover and report problems and identify patches that need to be installed. There need to be resources to manage data throughout the organization.
6. Lags in discovering and reporting cyber attacks.
The longer cyber criminals are in your systems, the more havoc they can wreak. There need to be systems in place to immediately recognize and report attacks so that planned counter actions can be taken.
7. Failure to patch publicly disclosed flaws promptly.
Remember the Equifax breach that exposed the personal data of an estimated 143 million Americans? It happened because Equifax failed to update software and apply a patch for a known problem. The attack occurred two months after the flaw was announced and a patch made available.
8. Failure to track employee access to data and manage growth in access points.
Not every job function requires access to all data. Controlling who has access to data is essential to limiting exposure, especially in an environment where employees are connecting with their own devices. There need to be procedures in place to manage these access points so others can’t exploit them.
To learn more about evaluating internal and external vulnerabilities and the role of third-party vendors in cybersecurity and strategy, check out our whitepaper: Guarding Against Cybersecurity Threats: Assessing Third Parties and Measuring What Matters.