EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Vulnerability management: act before it is too late (By Sergio Loureiro, SecludIT)
    • Home
    • Risks management
    • Vulnerability management: act before it is too late (By Sergio Loureiro, SecludIT)

    Vulnerability management: act before it is too late (By Sergio Loureiro, SecludIT)

    Written by
    The Editorial Team
    01.13.18
    Risks management Secops
    04
    MIN
    Vulnerability management: act before it is too late (By Sergio Loureiro, SecludIT)
    Vulnerability management: act before it is too late (By Sergio Loureiro, SecludIT)
    Vulnerability management: act before it is too late (By Sergio Loureiro, SecludIT)
    Image Anthropic investigates unauthorized access to its Mythos AI model
    Risks management
    04.22.26 Risks management
    Next article
    Anthropic investigates unauthorized access to its Mythos AI model
    Read
    01
    MIN
    Image AI Secure: Are we really powerless in the face of the threat?
    Cyber +
    04.22.26 Cyber +
    Next article
    AI Secure: Are we really powerless in the face of the threat?
    Read
    04
    MIN
    Image 0-day attacks increasingly target the private sector
    Risks management
    03.06.26 Risks management
    Next article
    0-day attacks increasingly target the private sector
    Read
    01
    MIN
    Image Shadow AI, the blind spot undermining cyber governance in SMEs and mid-sized companies
    Digital transformation
    02.23.26 Digital transformation
    Next article
    Shadow AI, the blind spot undermining cyber governance in SMEs and mid-sized companies
    Read
    07
    MIN

    In an even more connected society and facing the 2.5 quintillion data bytes generated every day in the world (2017, Up Numérique), companies have two important security challenges: protecting their data and information systems as well as data of their users and customers. In order to make businesses aware, many laws and regulations recommend to monitor continuously the IT of companies and to correct any breach as quickly as possible. Yet 90% of CISOs indicate that the detected security flaws are not processed (ServiceNow 2017 study). So, are companies condemned to lose the battle against vulnerabilities?

    Vulnerability management: recommended by every regulations

    Over the years, the various national and European regulations and security standards such as ANSSI’s hygiene guide (French security agency), the Network and Information Security (NIS) directive, the PCI DSS standard for online payments, the Military Programming Law (LPM) have all had the objective of encouraging companies to strengthen their cyber security.
    Thus, they push to « implement qualified systems of detection of the events liable to affect the security of their information systems » (Article 22 of the LPM) or « to ensure the follow-up, the audit, the control and to ensure to the security of systems and facilities « (Chapter V – Article 16 NIS).
    For its part, the PCI DSS requires the establishment of a vulnerability management program (Conditions 5 and 6 – Data Security Standard v3.0). When we know that 50 new vulnerabilities are discovered every day, the area of exposure to cyber attacks for companies has never been so important. It is also time to act because currently, a company corrects a vulnerability on approximately 200 days after its detection while the patch process has decreased from 45 to 15 days.

    GDPR accentuate security duty

    More binding, the new European regulation expects more organisation and rigor. Articles 25, 32, 49 and 50 in particular express the new measures for personal data security. Article 49, in particular, focuses on « the ability of a network or information system to resist (…) accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered ». So, security must be provided preventively, continuously and companies must keep the traceability of the data and alert the users in case of violation of those ones. Unlike the national and European regulations mentioned above, the RGPD imposes its directives on the security policy to be carried out under pain of legal penalty for non-cooperative companies.

    The only effective solution: the vulnerability scanner

    Today the question is no longer « am I safe? » but « what is my security level and what are the actions to put in place to improve it? ». To answer this one and to be in good standing with the legislation and especially the RGPD, the most adapted tool is the vulnerability scanner. Automated, it continuously monitors the breaches potentially exploited by hackers and detects all new referenced vulnerabilities. It saves time for technical teams who will no longer have to do time-consuming manual analysis. They will be able to correct more quickly vulnerabilities, in particular the most critical ones which are the most dangerous.
    Simple, rapid and effective, the vulnerability scanner has everything to reassure companies and support the CISOs work. At this time of RGPD and penal constraints tightening, it would be regrettable for companies to suffer from legal actions which would greatly affect their activity.

    Companies are not condemned to lose the battle against vulnerabilities but they must choose and coordinate their weapons (the vulnerability scanner is the first shield). For this, the FIC is the perfect opportunity to discover the latest cybersecurity novelties and find the solution or solutions that best suit its business. In terms of security, the ball is in the companies’ camp.

     

    The Editorial Team
    01.13.18
    Articles by the same author:
    1
    05.06.26 Cyber stability
    Australia establishes a commission of inquiry into major cyberattacks
    Read
    01
    MIN
    2
    04.29.26 Cybercrime
    Massive data breach hits Asian football two months before the World Cup
    Read
    01
    MIN
    3
    04.28.26 Digital transformation
    World, Sam Altman’s “proof of humanity,” is coming to Zoom and Tinder
    Read
    02
    MIN
    4
    04.27.26 Cybercrime
    Germany investigates Signal hack targeting its political class
    Read
    01
    MIN
    Image Anthropic investigates unauthorized access to its Mythos AI model
    Risks management
    04.22.26 Risks management
    Next article
    Anthropic investigates unauthorized access to its Mythos AI model
    Read
    01
    MIN
    Image AI Secure: Are we really powerless in the face of the threat?
    Cyber +
    04.22.26 Cyber +
    Next article
    AI Secure: Are we really powerless in the face of the threat?
    Read
    04
    MIN
    Image 0-day attacks increasingly target the private sector
    Risks management
    03.06.26 Risks management
    Next article
    0-day attacks increasingly target the private sector
    Read
    01
    MIN
    Image Shadow AI, the blind spot undermining cyber governance in SMEs and mid-sized companies
    Digital transformation
    02.23.26 Digital transformation
    Next article
    Shadow AI, the blind spot undermining cyber governance in SMEs and mid-sized companies
    Read
    07
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.