Most crimes are committed by people known to their victims. Likewise, businesses are most at risk from former and current employees. When thinking about information security, we frequently focus on how to prevent intrusion into our business from the outside. The statistics point elsewhere: 62% of large businesses have dealt with a security incident instigated by a current or former employee.
Case summaries from the files of many corporate security investigators demonstrate that increasing dependence on information technology increases dependence on, and vulnerability to, those tasked with the design, maintenance and operation of these systems. These information technology professionals – operators, programmers, networking engineers and systems administrators – hold positions of extraordinary importance and trust. Malicious actions on the part of such insiders can have grave consequences.
In addition, criminals have discovered that the internet can supply new venues for their illicit business. In the virtual world too, most illegal actions are initiated by individuals or small groups. Nevertheless, there is mounting evidence that organized crime groups are taking advantage of the new opportunities offered by the internet. Businesses need to acknowledge this as an emerging and very serious threat to cyber-security.
These days all companies have routers, firewalls and intrusion detection systems to protect their data and to warn about malicious activity on the network. Yet all the security policies, procedures and technologies currently available cannot promise that the enterprise data system is safe from intrusion. You need experts who are responsible for configuring, monitoring and maintaining different types of technologies and who are also able to update services efficiently.
Business verticals like BPO, online retail, manufacturing, entertainment, banking, finance & insurance, IT and consulting are quite often targets of these attacks. Multiple factors can create vulnerabilities for resolute hackers to exploit, and only comprehensive testing can find these problems. Such testing can bring out possible problems too. You’ll need to implement protective measures against these vulnerabilities. As security techniques advance, so does the sophistication of the hackers. This continues to be a see-saw battle.
Given the state of enterprise data systems, it is difficult to find expert resources for all technologies. It is also difficult to retain staff who are experts in more than a few domains, as each domain of information security requires constant attention and all of these domains keep changing.
Vulnerability Assessment and Penetration Testing (VAPT) is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.