Triskele Labs Blog

Unpacking vulnerability management for SMEs

Written by Nick Morgan | Jun 21, 2020 9:51:00 AM

A few weeks ago, I was speaking to a cousin of mine who had just started her own business. She was running me through her checklist for the store, including her EPOS system and other items that she was getting out of the way rather efficiently and confidently for someone who was entering business for the first time!

In the midst of our conversation, I noticed something troubling. Not wanting to freak her out, I gently asked, “Kate, have you thought about running vulnerability scans for your IT systems? I must confess, vulnerability management needs to be a priority given that your business is just starting out.”

At first, she laughed it off and kept insisting that, because she was just starting out and wasn’t a big business, she would be fine. You can bet I hated being the bearer of bad news in that situation. “I hate to have to tell you this but you can’t mess around with this stuff. Hackers actively target small businesses like yours, precisely because you think like this. Let me help you figure this stuff out.”

I’m glad to say that she took my advice and her operations are much more secure now than they were when we had our chat. This really brought back to mind something that’s a given fact in our industry - SMEs are among the most vulnerable businesses, even though they think they’re relatively safe from the attention of determined cybercriminals.

According to research from MYOB in 2017, 87% of SMEs believe their business is safe from cyberattacks because they use antivirus software. While antivirus software is all well and good, that needs to be just the beginning of a well-thought-out cybersecurity strategy.

With all this in mind, it seemed like a good time to pen down some thoughts on why vulnerability management and scanning are so important for SMEs.

WHAT IS VULNERABILITY MANAGEMENT?

Vulnerability management refers to the processes and systems businesses have in place to identify, assess, and address cybersecurity vulnerabilities within their operations. 

Vulnerability scanning is an important part of this process. It refers to scanning the IT assets and other hardware and software components of your business for vulnerabilities.

Naturally, this type of activity bolsters vulnerability management because it allows security teams to stay on top of active risks and take measures to eliminate these and put safeguards in place to protect your company from similar threats in the future.

OUTSOURCING VULNERABILITY MANAGEMENT 

As an SME, many things are going to seem like novel and daunting challenges, cybersecurity most of all. Vulnerability management is one of the few things in this area that you need to get absolutely right.

Like I told my cousin, Kate, if this is something that you’re not able to do yourself, receiving the right support is crucial. If you can’t afford to retain an external security team, you can still commit to regular consultations in which experts provide you with ongoing guidance on how to stay on top of vulnerability management, which, as I mentioned before, isn’t a single process or system.

Security consultants will also be able to recommend tools and software you can equip yourself with, which will make this process significantly more efficient and effective.

UNDERSTANDING THE DISTINCTION BETWEEN VULNERABILITY SCANNING AND PENETRATION TESTS

During my tenure as CEO of Triskele Labs, I’ve spoken to many business owners, who, when asked about cybersecurity protections and defences, speak very enthusiastically about penetration testing as an all-in-one solution. I’ve realised that they think that this is a form of vulnerability scanning and are hellbent on having their systems tested.

Penetration tests, however, are very expensive for SMEs that are just starting out and whose only goal is to identify potential chinks in their armour. Additionally, this type of testing isn’t all that useful until a company has done everything else it can do to protect its operations.

Vulnerability scanning, therefore, is essential, and generally inexpensive, because it not only identifies basic security fixes but can also be automated with more sophisticated security software. Usually, you don’t need much support to do this, and it represents a crucial first step in your security strategy.

SPEAK TO A VETTED SECURITY TEAM FOR CYBERSECURITY SUPPORT FOR SMES

At Triskele Labs, our team of experts provides cybersecurity consulting services that aid vulnerability management for SMEs. If you’re starting out and don’t have the know-how you need to keep your operations risk-free, get in touch with us for more information, support or resources you need to run your business with complete confidence.

Good luck!