According to a recent survey conducted by RapidFire Tools, many MSPs think that internal vulnerability scans are unnecessary for most of their clients. Others acknowledge the necessity, but their clients don’t want to pay for the scans, and the scans are too costly for the MSP to absorb. And some MSPs have found that the information delivered by the scans is just “noise.”
But, according to best practices recommended by the National Institute of Standards and Technology (NIST), regular internal vulnerability scans must be performed on every network to avert some of the most common sources of cyber attacks.
One of the first steps a hacker commonly takes to infiltrate an organization’s network is to scan the target’s system for vulnerabilities. Once a weakness is discovered, it’s exploited. Yet many small businesses think they are too insignificant to entice hackers. But it’s not size that matters for cybercriminals, it’s ease of access. A hundred small, easy targets can be far more rewarding than one big business that’s well protected.
In 2020, 28 percent of data breaches involved small businesses. Most of those attacks – 70 percent – were executed via web applications and miscellaneous errors; in other words, internal vulnerabilities. Internal vulnerabilities pose such a risk to organizations that the NIST Computer Security Division maintains a National Vulnerability Database (NVD) to aid businesses’ security efforts.
Internal scans play a crucial role in safeguarding networks. Many companies think that simply staying current on security patches will keep their systems in good health. That approach calls for two cautions. First, application patches might be missed or out-of-date. Second, patches don’t necessarily remedy misconfigurations. The system will remain in that misconfigured state no matter how many patches are deployed… until a vulnerability scan detects the issues.
By conducting regular vulnerability scans you have an opportunity to demonstrate your value to your client when you identify the risks and issues. You can also use the scan reports to make a case for your clients to spend a little more for better cybersecurity coverage.
However, for comprehensive security, your clients need internal vulnerability scans. Even the most locked-down cybersecurity posture cannot fully guard against zealous hackers, and unknown misconfigurations pose infinite, ‘silent’ risks. Some clients might not see the value in regular internal vulnerability scans, but it’s up to you to educate them about the importance of a proactive approach. As an MSP, you must advocate for clients’ network health and encourage regular scans.
If you are among the many MSPs who don’t perform internal vulnerability scans for all your clients, Inspector 2 is your solution. You can immediately add monthly internal vulnerability scanning to enhance your base managed services contract, and then use the results to sell-in additional cybersecurity services as needed.
Verizon Business 2020 Data Breach Investigations Report, Verizon, 2020