Many businesses believe their IT infrastructure is secure — until the first scan. We share the most common findings from real-world assessments and what they mean for your organization.
The First Scan Is Always an Eye-Opener
When an SMB scans its infrastructure with a vulnerability scanner for the first time, the results are almost always surprising. Not because the IT work was done poorly — but because vulnerabilities silently accumulate over months and years without anyone noticing.
Based on our experience with Swiss SME networks, here is what typically comes up — and why it matters.
1. Outdated Software Everywhere
The most common finding: software that is not up to date. This does not just affect server operating systems — it especially applies to:
- Web servers (Apache, Nginx, IIS) with known CVEs
- CMS platforms (WordPress, Joomla) with outdated plugins
- Network devices (switches, firewalls, access points) running firmware from years ago
- SSL/TLS libraries that still support long-deprecated protocols
Most of these vulnerabilities have publicly available exploits. That means anyone with basic technical knowledge can take advantage of them.
2. Open Services Nobody Knows About
Nearly every network has services running that no one is aware of. Common examples include:
- An SNMP service with the community string “public” that exposes network details
- A database port that is reachable from the internet
- An RDP session that was left open after a maintenance window
- A test web server that a developer set up two years ago
Each of these open services is a potential entry point for an attacker. You cannot protect what you do not know exists.
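The fastest way to turn a port scan into that inventory is to triage the scanner output automatically. The script below is an added example written for this article, not a tool the scan vendors provide: it parses nmap's grepable (`-oG`) output and flags exactly the four patterns listed above. The host names, addresses (from the reserved TEST-NET-3 range) and version strings in `SAMPLE_GNMAP` are constructed for the example, and the rule set in `triage()` is an assumption about what counts as "unexpected" that you would tune to your own environment.

```python
import re
from dataclasses import dataclass

# Constructed sample in nmap "grepable" (-oG) output format, representing a scan
# run from outside the perimeter. Hosts, addresses and versions are invented.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 09:00:00 2024 as: nmap -sV -oG - 203.0.113.0/28
Host: 203.0.113.10 (www.example.test)\tStatus: Up
Host: 203.0.113.10 (www.example.test)\tPorts: 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//ssl|http//nginx 1.18.0/, 3306/open/tcp//mysql//MySQL 5.7.33/\tIgnored State: filtered (997)
Host: 203.0.113.11 (fw.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 161/open/udp//snmp//SNMPv1 server (public)/\tIgnored State: closed (998)
Host: 203.0.113.12 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 8080/open/tcp//http//Apache httpd 2.4.29/\tIgnored State: filtered (998)
Host: 203.0.113.13 (ftp.example.test)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/\tIgnored State: closed (999)
# Nmap done at Mon Jan  1 09:03:12 2024 -- 16 IP addresses (4 hosts up) scanned
"""

# Assumed rule set: database ports that should never face the scan vantage point,
# and service names nmap uses for web servers.
DB_PORTS = {1433: "MSSQL", 1521: "Oracle", 3306: "MySQL",
            5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}
WEB_SERVICES = {"http", "https", "ssl|http", "http-proxy", "http-alt"}

# Matches the "Ports:" line of a host; the optional "Ignored State" tail is dropped.
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: (.*?)(?:\tIgnored State:.*)?$")


@dataclass(frozen=True)
class Finding:
    host: str
    hostname: str
    port: int
    proto: str
    service: str
    reason: str


def parse_gnmap(text):
    """Yield (host, hostname, port, proto, service, version) for every open port."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        host, hostname, ports = m.groups()
        for entry in ports.split(", "):
            # grepable port entry layout: port/state/proto/owner/service/rpc/version/
            fields = entry.split("/")
            if len(fields) < 7:
                continue
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            if state == "open":
                yield host, hostname, int(port), proto, service, version


def triage(text):
    """Flag open services matching the patterns a first scan typically turns up."""
    findings = []
    for host, hostname, port, proto, service, version in parse_gnmap(text):
        reasons = []
        if service == "snmp" or port == 161:
            note = " with default community 'public'" if "public" in version else ""
            reasons.append("SNMP exposed" + note)
        if port in DB_PORTS:
            reasons.append(f"{DB_PORTS[port]} database port reachable from the scan vantage point")
        if port == 3389 or service == "ms-wbt-server":
            reasons.append("RDP reachable; verify it was not left open after maintenance")
        if service in WEB_SERVICES and (port not in (80, 443) or not hostname):
            reasons.append("web server on an unusual port or unnamed host; confirm it is still needed")
        if service == "ftp":
            reasons.append("FTP exposed; verify anonymous login is disabled")
        for reason in reasons:
            findings.append(Finding(host, hostname, port, proto, service, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_GNMAP):
        print(f"{f.host:15} {f.port:>5}/{f.proto:<3} {f.service:<14} {f.reason}")
```

Run against a real `nmap -sV -oG` file instead of the sample, then walk the list with the people who own each host: every entry is either confirmed and documented, or shut down. Note that the web-server rule deliberately ignores ports 80 and 443 on named hosts, since those are the services you expect to find; what you want from the scan is the rest.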
3. SSL/TLS Configuration Issues
Even organizations that “encrypt everything” frequently have problems with their SSL/TLS configuration:
- Expired or soon-to-expire certificates
- Support for deprecated protocols (TLS 1.0, TLS 1.1)
- Weak cipher suites that enable attacks like BEAST or POODLE
- Self-signed certificates on publicly accessible services
These issues are often straightforward to fix — but you have to know about them first.
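Because the fix is mostly configuration, it helps to see the weak setting next to the corrected one and to have a check you can run before a scanner tells you. The following is an added example for this article, not configuration from any real host: `WEAK_CONF` is a constructed nginx server block with two of the problems above (TLS 1.0/1.1 enabled, RC4 and 3DES suites allowed), `HARDENED_CONF` is the same block after remediation, and `check_tls_config()` flags the difference. The marker list in `WEAK_CIPHER_MARKERS` is an assumption and not exhaustive. `days_until_expiry()` parses the `notAfter=` line that `openssl x509 -noout -enddate` prints, so the expiry check works on any certificate you can read with the OpenSSL CLI.

```python
import re
from datetime import datetime, timezone

# Constructed nginx server block showing the weak settings (example, not a real host).
WEAK_CONF = """
server {
    listen 443 ssl;
    server_name www.example.test;
    ssl_certificate     /etc/ssl/certs/www.example.test.pem;
    ssl_certificate_key /etc/ssl/private/www.example.test.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "RC4-SHA:DES-CBC3-SHA:AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256";
    ssl_prefer_server_ciphers on;
}
"""

# The same block after remediation: TLS 1.2/1.3 only, AEAD suites with forward secrecy.
HARDENED_CONF = """
server {
    listen 443 ssl;
    server_name www.example.test;
    ssl_certificate     /etc/ssl/certs/www.example.test.pem;
    ssl_certificate_key /etc/ssl/private/www.example.test.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
    ssl_prefer_server_ciphers off;
}
"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumed, non-exhaustive list of name fragments that identify obsolete suites
# (upper-cased comparison; "DES" also catches 3DES, "NULL" catches aNULL/eNULL).
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "EXP-", "MD5")


def check_tls_config(conf):
    """Return a list of human-readable issues found in an nginx ssl_* configuration."""
    issues = []
    m = re.search(r"^\s*ssl_protocols\s+([^;]+);", conf, re.M)
    if m:
        bad = sorted(set(m.group(1).split()) & DEPRECATED_PROTOCOLS)
        if bad:
            issues.append(f"deprecated protocols enabled: {', '.join(bad)}")
    else:
        issues.append("ssl_protocols not set; the nginx default depends on the version in use")
    m = re.search(r'^\s*ssl_ciphers\s+"?([^";]+)"?;', conf, re.M)
    if m:
        for suite in m.group(1).split(":"):
            if suite.startswith("!"):
                continue  # an explicitly excluded suite is not a problem
            if any(marker in suite.upper() for marker in WEAK_CIPHER_MARKERS):
                issues.append(f"weak cipher suite allowed: {suite}")
    return issues


def days_until_expiry(not_after, now=None):
    """Parse 'notAfter=Mar  1 12:00:00 2025 GMT' (openssl x509 -enddate) into days left."""
    value = not_after.split("=", 1)[1].strip()
    expires = datetime.strptime(value, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, check_tls_config(conf) or "no issues")
    # Constructed expiry line, as the OpenSSL CLI would print it.
    left = days_until_expiry("notAfter=Mar  1 12:00:00 2025 GMT")
    print("certificate expires in", left, "days", "(renew now)" if left < 30 else "")
```

A practical threshold is to treat anything under 30 days as a finding and to let the check fail a deployment pipeline, so an expired certificate is caught by you rather than by your customers' browsers.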
4. Default Passwords and Weak Authentication
It sounds hard to believe, but in a surprisingly high percentage of scans we find:
- Devices with default passwords (admin/admin, admin/password)
- Services with no authentication (open management interfaces)
- FTP servers with anonymous access
- Web applications with default admin accounts
For an attacker, this is the easiest way into a network. No exploit needed — just log in.
5. Missing Network Segmentation
If the scanner can reach everything from a single network segment, so can an attacker. In many cases, there is no separation between:
- The office network and the server network
- The guest Wi-Fi and the internal network
- Production systems and office IT
This means a single compromised workstation can become a stepping stone into the entire network.
What to Do After the First Scan
The first scan often produces dozens to hundreds of findings. That can feel overwhelming. Here is the right approach:
- Do not panic. Most organizations get similar results.
- Prioritize by risk. Address critical vulnerabilities on publicly exposed systems first.
- Go for the quick wins. Change default passwords, disable unnecessary services, apply patches.
- Scan regularly. A one-time scan only shows you the current state. Only regular scanning reveals whether the situation is actually improving.
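"Prioritize by risk" and "scan regularly" are easier to act on with a small amount of tooling around the scanner export. The script below is an added example for this article, not part of any scanner product: `rank()` orders findings so that an internet-exposed medium outranks an internal high, with remediation effort as the tie-breaker for quick wins, and `compare_scans()` diffs two scan runs into fixed, new and persisting findings so you can see whether the situation is improving. The findings in `PREVIOUS_SCAN` and `CURRENT_SCAN`, the exposure weights and the effort labels are all constructed assumptions; adapt the weighting to your own risk appetite.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    title: str
    cvss: float
    exposure: str   # "internet" or "internal", i.e. where the scanner reached it from
    exploit: bool   # public exploit known, as reported by scanner metadata
    effort: str     # "low", "medium" or "high" remediation effort (assumed field)

    @property
    def key(self):
        # A finding is "the same" across runs if host, port and title match.
        return (self.host, self.port, self.title)


# Constructed findings from a first scan (hosts and titles are invented).
PREVIOUS_SCAN = [
    Finding("203.0.113.10", 443, "outdated nginx (1.18.0)", 7.5, "internet", True, "low"),
    Finding("203.0.113.10", 3306, "MySQL reachable from the internet", 5.3, "internet", False, "low"),
    Finding("203.0.113.11", 161, "SNMP default community string 'public'", 7.5, "internet", True, "low"),
    Finding("10.0.20.5", 445, "SMBv1 enabled", 8.1, "internal", True, "medium"),
    Finding("10.0.20.7", 443, "self-signed certificate on internal service", 2.6, "internal", False, "low"),
]

# Constructed follow-up scan a month later: two quick wins fixed, one new finding.
CURRENT_SCAN = [
    PREVIOUS_SCAN[0],
    PREVIOUS_SCAN[3],
    PREVIOUS_SCAN[4],
    Finding("10.0.20.9", 3389, "RDP open on file server", 5.9, "internal", False, "low"),
]

# Assumed weighting: exposure doubles the score, a known exploit adds a fixed bonus.
EXPOSURE_WEIGHT = {"internet": 2.0, "internal": 1.0}
EXPLOIT_BONUS = 2.0
EFFORT_RANK = {"low": 0, "medium": 1, "high": 2}


def risk_score(f):
    return f.cvss * EXPOSURE_WEIGHT[f.exposure] + (EXPLOIT_BONUS if f.exploit else 0.0)


def rank(findings):
    """Highest risk first; among equal risk, the cheapest fix first (quick wins)."""
    return sorted(findings, key=lambda f: (-risk_score(f), EFFORT_RANK[f.effort]))


def compare_scans(previous, current):
    """Split two scan runs into fixed, new and persisting findings by key."""
    prev = {f.key: f for f in previous}
    cur = {f.key: f for f in current}
    return {
        "fixed": [prev[k] for k in prev.keys() - cur.keys()],
        "new": [cur[k] for k in cur.keys() - prev.keys()],
        "persisting": [cur[k] for k in prev.keys() & cur.keys()],
    }


if __name__ == "__main__":
    print("Work order after the first scan:")
    for f in rank(PREVIOUS_SCAN):
        print(f"  {risk_score(f):5.1f}  {f.host:14} {f.port:>5}  {f.title}")
    diff = compare_scans(PREVIOUS_SCAN, CURRENT_SCAN)
    for bucket in ("fixed", "new", "persisting"):
        print(f"{bucket}: {[f.title for f in diff[bucket]]}")
```

Note what the ranking does with the SMBv1 finding: it carries the highest CVSS score in the list, yet it lands below the internet-reachable MySQL port, because exposure is weighted more heavily than the base score. That is the point of "publicly exposed systems first". The diff is the number to report to management each month: if "fixed" stays empty and "new" keeps growing, scanning alone is not changing anything.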
The Biggest Mistake
The biggest mistake is not having vulnerabilities. The biggest mistake is not knowing which ones you have. Every day without visibility is a day where an attacker has the upper hand.
Regular vulnerability scanning is the simplest and most cost-effective measure to measurably improve your IT security. Not perfect — but infinitely better than flying blind.