What is a Remote Vulnerability Assessment?

Working remotely, home schooling and the launch of many small businesses has given cyber criminals a new playground to embrace. But our Remote Vulnerability Assessment service can help in identifying weaknesses that might be used to help cyber criminals carry out successful attacks.

What type of information can cyber criminals exploit?

Late last year, a school payment system Wisepay, that allows parents to pay for things like school meals and exam fees online was targeted in a cyber attack. The attack led to parents being warned that their card details may have been compromised.

Wisepay said a hack of its website meant an attacker was able to harvest payment details between 2 and 5 October via a spoof page.

Attempted payments to about 300 schools have been affected by the scam.

But the firm said only a small number of the pupils' parents would have used its system before it was taken offline.

This is an example of where the Remote Vulnerability Assessment system would have been able to identify possible weaknesses that cyber criminals would have been able to exploit.

How does the Remote Vulnerability Assessment work?

Whether you are a school, retail business, legal firm or construction company, if you use and are connected to the internet then you may well be open vulnerabilities that you are not aware of. If your business is connected to the internet, this service can help you to identify weaknesses in that connection.

A remote vulnerability assessment is the digital version of a prospective burglar visiting your property to assess where your access points are. Instead of physically viewing your property, we can remotely look at your digital space to see where those points of entry would be for cyber criminals.

To identify where those access points are, we use the same toolsets and skillsets that hackers use to look at your businesses network and infrastructure. This service also benefits from regional Police and National Cyber Security Centre intelligence to capture the very latest known threats and techniques used by cyber criminals.

Once we have identified points and any other vulnerabilities, we provide recommendations and mitigations to tackle the identified vulnerability, so that you can take action to reduce your risk of suffering a cyber-attack as a result of this vulnerability.

During the work, the interaction with your systems is kept to a minimum, however there is always a risk that poorly maintained or designed systems can suffer outages during vulnerability assessments. That is why all remote vulnerability assessments are supported with back-out and recovery plans agreed in advance to minimise risk.

Find out more or request a quote for this service here.

I would like a full penetration test of my systems, can the SECRC help me with this?

We are able to recommend our IASME Trusted Partners network to provide additional services such as a full penetration test.

Our Trusted Partners have been subject to due diligence checks by the accreditation body appointed by the National Cyber Security Centre, the UK’s National Technical Authority who are a part of GCHQ. They are also certification bodies for Cyber Essentials and Cyber Essentials Plus schemes which assure you have considered the most common cyber technical controls.

Learn more about our Trusted Partners here.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.