A network vulnerability assessment is the initial phase of any cybersecurity strategy. In the National Institute of Standards and Technology (NIST) Cybersecurity Framework, vulnerability assessments fall under the “identify” phase. They are designed to help organizations identify any gaps in their security posture and prioritize the activities needed to close those gaps. Because cyber threats are continually evolving, organizations should regularly review their IT environment in order to understand their risk exposure.

The near-overnight shift to remote work models created a perfect storm of security challenges. Employees were suddenly working outside the secure perimeter, and IT teams were focused on providing connectivity to corporate applications and data. Even organizations that already had a distributed workforce had to quickly scale up their remote access infrastructure.

The rapid shift to work-from-home models has largely been successful, enabling public- and private-sector organizations to keep functioning and meet social distancing requirements. The benefits have been so great that many organizations plan to offer remote work options after the pandemic has abated. A Cisco survey conducted between June and September 2020 found that 37 percent of organizations expect to continue work-from-home arrangements long-term.

Email remains a primary vector for cybersecurity threats. According to the Verizon Data Breach Incident Report, 94 percent of malware is spread via email, and phishing accounts for 80 percent of social engineering attacks. Losses associated with phishing attacks averaged $17,700 per minute in 2019, according to data from RiskIQ.