An Investment Adviser Client contacted Winquest to perform a vulnerability assessment of their network and mobile devices prior to a possible SEC cybersecurity sweep examination. Winquest deployed a team to Client site and conducted a full vulnerability scan of Client systems. The Client was doing a good job of keeping software patches updated and systems inventories current but there were still over 1000 vulnerabilities discovered (which is not unusual).
The largest vulnerability was discovered when Winquest compared our network map with the Client’s inventory and found a discrepancy in the systems still functioning on the network. The Client had a server on their network that was supposed to be turned off and removed over a year prior but was still operating. Since the Client believed the server had been removed, no security updates had been made which made the system highly vulnerable to attack. The server was immediately removed from the network which eliminated the vulnerability.