Here we are, 13 months on since the start of the pandemic, with the majority of people around the world still working remotely. Penetration testing a company’s infrastructure and web applications has never been more important. It detects vulnerabilities that could lead to cyber-attacks that result in disruption, data loss or theft.
Through the peaks and troughs of the pandemic, companies have opened and closed hundreds of VPN channels for remote workers but managing a transient or freelance workforce is complex and challenging. Phishing emails, the low hanging fruit for hackers, become even more convincing by the day. Clever new cloud based web applications, that enable us to do our work in ways we had never thought possible, can also be vulnerable.
At Convergent we conduct penetration testing for hundreds of vendors going through Cloud, TPN or other MPA based security assessments. There has been a marked rise in network vulnerabilities since the pandemic started. Currently 86% of the penetration tests we conduct find vulnerabilities that were previously unknown to the IT teams. Some findings are Critical but whether the risks are Low, Medium or High, they are all of concern and, without attention, leave you vulnerable to attack.
Common Findings
The most common findings include SSH issues or SSL/TLS misconfigurations which can result in security weaknesses that could affect the integrity and confidentiality of data in transit between a user and the servers. SSL v3.0 was superseded by TLS 15 years ago, but it still seems to be omnipresent. Another common issue is unpatched or unsupported software where known vulnerabilities can be leveraged by hackers.
At Convergent we conduct penetration testing for hundreds of vendors going through Cloud, TPN or other MPA based security assessments. There has been a marked rise in network vulnerabilities since the pandemic started. Currently 86% of the penetration tests we conduct find vulnerabilities that were previously unknown to the IT teams. Some findings are Critical but whether the risks are Low, Medium or High, they are all of concern and, without attention, leave you vulnerable to attack. More information can be found at www.convergentrisks.com
