Executive Security Summary

 

THREAT SCORE

6

 

Overall Risk

3

Highest Vulnerability

2

Attack Surface

1

Largest Exploit Value

6


s3 - Security Six Shooter

  • Default passwords still exist on some systems; change them immediately.

  • Shared accounts are used to access critical resources; segregate them and implement least-privilege access controls.

  • No third-party vendor risk assessments take place before doing business; implement them immediately.

  • Multiple security control mechanisms are needed for the network to be PCI compliant.

  • Company website contains known vulnerabilities; consider migrating the website to known secure vendors.

  • Implement a company-wide VPN.


MDM Threat Risk

6

Internal Threat Risk

6

Physical Security Threat Risk

3

External Threat Risk

5

Threat Category Critical Awareness

  • Mobile devices used on the corporate network and to access corporate resources are unmanaged. Stolen devices cannot be remote wiped or locked down to prevent theft of corporate data.

  • Credentials on critical infrastructure are hardcoded and not changed when someone who had access is no longer with the company. These credentials need to be changed on a regular interval or whenever there is turnover involving an employee who has access to these systems.


Vulnerabilities

19

Top 3 Critical Round-Up

Fixable:

  1. Bind Shell Backdoor Detected

  2. VNC Server Password is “password”

  3. SSL certificate has wrong hostname

No Fix Currently Available:

  1. Supermicro embedded backdoor in hardware

  2. Spectre/Meltdown vulnerability fixes unacceptable due to level of service degradation in current patch

  3. Frequent power outages taking down critical, non-redundant infrastructure

Ignored:

  1. Group accounts used to access sensitive information

  2. Employees leaving computers unlocked when away from desks

  3. Passwords physically written down and left in plain sight

Vulnerabilities


CYBER WARRIOR IN DEPTH BRIEF