Any business operating on the internet with internet accessible services provides an opening for anyone else on the internet - good, bad, or indifferent - to interrogate those services and see what’s running.
Bad actors and security companies are always actively conducting reconnaissance to find vulnerabilities but often lack additional context. This additional context is what should give a security team the advantage over bad actors running scrapers or scanners on the internet looking to take advantage of those vulnerabilities.
Medium sized businesses should expect their larger customers and clients to contact them about potential vulnerabilities. Generally the requests fall into three categories, according to AlixPartners’ Bill Varhol.
Listen to Bill’s guidance for how medium sized businesses should prepare to address security issues like these with customers and clients: