Cybersecurity is a must for every organisation. As cybercriminals become more sophisticated in their methods of attack, organisations need to establish and continuously improve their cybersecurity strategy. A big part of maintaining a high level of information security is identifying and fixing any vulnerabilities present within systems and networks.
A cybersecurity vulnerability, if exploited, can compromise your entire organisation and lead to a full-scale data breach or cyber attack, with significant financial, reputational and legal consequences. Below we explore the common types of vulnerabilities and provide insight into how best to identify and manage them.
What is a vulnerability?
A cybersecurity vulnerability is a weakness that a malicious actor can exploit to gain unauthorised access to a system or network. Once inside, a cybercriminal can commence their cyber attack by installing malware, stealing data or running harmful code. The Information Systems Audit and Control Association (ISACA) defines a vulnerability as a weakness in design, implementation, operation or control. Cybercriminals exploit vulnerabilities in a number of ways, for example through SQL injection or cross-site scripting (XSS).
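As an added illustration of the SQL injection weakness mentioned above (this is example code written for this page, not code from the article or from StickmanCyber), the block below builds a small in-memory SQLite table with constructed rows and shows the same lookup written two ways: one that splices the user-supplied value into the query text, and the fixed version that binds it as a parameter. The table contents, function names and the test input are all constructed for the demonstration.

```python
"""Added example: how an SQL injection vulnerability arises in application
code and how a parameterised query removes it. Uses an in-memory SQLite
database with constructed sample rows (not code from the original article)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a constructed sample users table (assumption: two accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "staff")],
    )
    conn.commit()
    return conn


def lookup_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the untrusted value is spliced into the SQL text, so quote
    characters in the input change the meaning of the query itself."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """FIXED: a bound parameter is always treated as data, never as SQL, so
    the same input simply matches no row."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # Constructed test input: a value containing a quote and an OR clause.
    hostile = "x' OR '1'='1"
    print("unsafe:", lookup_user_unsafe(db, hostile))  # every row comes back
    print("safe:  ", lookup_user_safe(db, hostile))    # no row matches
```

The fix is not input filtering but separating code from data: with a bound parameter the database driver never interprets the value as part of the statement, so the check holds for any input the application receives.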
How is it different from a cyber threat?
A cyber threat is a negative action or event, facilitated by a vulnerability, that results in an undesired impact on a computer system or application. While a vulnerability exists in a system, a cyber threat is introduced by an outside party such as a cybercriminal. Vulnerabilities exist due to a system or network error, flaw or misconfiguration, whereas a cyber threat is typically created by an action, e.g. an employee clicking on a malicious link in a phishing email.
What are different types of vulnerabilities?
There are numerous types of vulnerabilities. Below is a list of the most common types that your information security team needs to be on the lookout for:
1. System Misconfigurations
A common type of vulnerability is a system misconfiguration. These usually occur when security controls are inaccurately configured or left insecure, putting your organisation's information security at risk. Cybercriminals scour networks and systems for these misconfigurations to gain unauthorised entry or access to sensitive data. As organisations adopt digital technologies that are more complex and interconnected, the chance of an oversight in system configuration rises. It is therefore crucial to keep information security in mind when implementing new technology.
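One practical way to catch the misconfigurations described above is to compare a service's live settings against a written secure baseline. The block below is an added example (not code from the article or from StickmanCyber): it parses a constructed sshd_config-style file, checks it against an assumed baseline, and reports every deviation, including settings that are simply missing. The key names follow OpenSSH's sshd_config, but the baseline values and the sample file are constructed for this demonstration and the checker itself is generic.

```python
"""Added example: a small configuration audit that compares a service's
settings against a secure baseline and reports deviations. The baseline,
the sample file and the function names are constructed for illustration."""

# Secure baseline (assumption: what the organisation's standard requires).
# Keys are lower-cased because sshd_config keywords are case-insensitive.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
}

# Constructed sample: two weak settings and one setting left unset.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
"""


def parse_config(text: str) -> dict:
    """Parse 'Keyword value' lines, ignoring comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings[key] = value
    return settings


def audit(settings: dict, baseline: dict = BASELINE) -> list:
    """Return findings as (key, expected, actual) tuples. A key absent from
    the file is reported too: an unset option falls back to the daemon's
    compiled-in default instead of an explicitly chosen value."""
    findings = []
    for key, expected in baseline.items():
        actual = settings.get(key, "<unset>")
        if actual.lower() != expected:
            findings.append((key, expected, actual))
    return findings


if __name__ == "__main__":
    for key, expected, actual in audit(parse_config(SAMPLE_CONFIG)):
        print(f"{key}: expected '{expected}', found '{actual}'")
```

Running the same check on every host after each change is what turns a one-off review into a control; the baseline dictionary is the part that should live in version control alongside the organisation's standard.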
2. Un-patched or out-of-date software
Software is constantly updated to patch the latest security weaknesses discovered, and forgetting to install the latest patches and updates regularly can leave your organisation vulnerable to attack. Cybercriminals often probe systems and networks to see whether they are out of date and missing a security patch. Patch management is an essential part of managing vulnerabilities.
3. Weak or reused passwords
Cybercriminals can use brute force, submitting vast numbers of passwords or passphrases in the hope of eventually guessing correctly and gaining access to sensitive information. Employees using simple passwords or reusing the same password across multiple accounts is detrimental to information security and a huge vulnerability. Every cybersecurity strategy should include policies around password management, enforcing the use of complex passwords that are unique, not shared and updated regularly.
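The password policy described above can be enforced in code at the point where a password is set. The following is an added example (not code from the article or from StickmanCyber) of such a check: it applies a minimum length and character-class rule, rejects entries from a small constructed denylist of common passwords, and detects reuse by comparing the candidate against a history of salted PBKDF2 hashes rather than stored plaintext. The thresholds, the denylist and the function names are assumptions made for the demonstration.

```python
"""Added example: enforcing a password policy (length, character classes,
common-password denylist, no reuse) using only the standard library.
Thresholds and the denylist are constructed for illustration."""
import hashlib
import hmac
import os

MIN_LENGTH = 12
# Constructed denylist; in practice this would be a large breach-derived list.
COMMON_PASSWORDS = {"password", "password123", "welcome1", "letmein", "qwerty123"}


def hash_password(password: str, salt: bytes = b"", iterations: int = 100_000) -> tuple:
    """Return (salt, digest). A fresh random salt is generated when none is
    supplied, so identical passwords never produce identical digests."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def was_used_before(password: str, history) -> bool:
    """Re-derive the candidate with each stored salt and compare in constant
    time; the history holds only (salt, digest) pairs, never plaintext."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_password(password: str, history=()) -> list:
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password denylist")
    if was_used_before(password, history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    previous = [hash_password("OldWinter2023!")]   # constructed history entry
    print(check_password("OldWinter2023!", previous))        # reuse detected
    print(check_password("password123"))                     # three violations
    print(check_password("Correct-Horse-Battery-9", previous))  # acceptable
```

Storing the history as salted, iterated hashes means the reuse check never needs the old passwords in clear, and a leaked history does not hand an attacker a ready-made credential list.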
4. Human error
The biggest cybersecurity vulnerability to an organisation is its employees: as IBM found in its Cyber Security Intelligence Index Report, 95% of data breaches or cyber attacks are mainly caused by human error. Organisations that do not train their employees in information security awareness become easy prey for malicious actors who orchestrate social engineering attacks.
5. Insider Threat
Employees with malicious intent and access to critical systems can divulge sensitive information that enables a cybercriminal to gain unauthorised access to a system or network. The challenge with an insider threat is that monitoring or detective measures will not recognise an employee's actions as suspicious, because those actions appear legitimate. It is therefore important to ensure that appropriate privilege and identity access management is in place, and that any employees who are offboarded have their access revoked.
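The offboarding control mentioned above is easy to state and easy to let slip, so it is worth checking mechanically. The block below is an added example (not code from the article or from StickmanCyber) that reconciles a constructed HR roster export against a constructed identity-provider export of enabled accounts: accounts belonging to terminated employees are flagged, with higher severity when they hold privileged group membership, and accounts with no HR record at all are flagged as orphaned. The data, the join key and the group names are assumptions for the demonstration.

```python
"""Added example: reconciling enabled accounts against the HR roster to
find access that should have been revoked at offboarding. All records
below are constructed sample data."""
from datetime import date

# Constructed HR export (assumption: employee_id is the key shared with the IdP).
HR_ROSTER = {
    "E100": {"name": "A. Example", "status": "active", "end_date": None},
    "E101": {"name": "B. Example", "status": "terminated", "end_date": date(2024, 3, 1)},
    "E102": {"name": "C. Example", "status": "terminated", "end_date": date(2024, 3, 20)},
}

# Constructed identity-provider export of accounts that are still enabled.
ACCOUNTS = [
    {"username": "a.example", "employee_id": "E100", "groups": ["staff"]},
    {"username": "b.example", "employee_id": "E101", "groups": ["staff", "domain-admins"]},
    {"username": "c.example", "employee_id": "E102", "groups": ["staff"]},
    {"username": "svc-legacy", "employee_id": "E999", "groups": ["staff"]},
]

# Assumption: membership in any of these groups makes an account privileged.
PRIVILEGED_GROUPS = {"domain-admins"}


def find_stale_access(roster: dict, accounts: list, today: date,
                      privileged: set = PRIVILEGED_GROUPS) -> list:
    """Return (username, severity, reason) for every enabled account that
    either has no HR record or belongs to a terminated employee."""
    findings = []
    for acct in accounts:
        record = roster.get(acct["employee_id"])
        if record is None:
            # Nobody in HR owns this account: it cannot be offboarded by the
            # normal leaver process, so it needs an owner or a disable.
            findings.append((acct["username"], "medium", "no matching HR record (orphaned account)"))
            continue
        if record["status"] != "terminated":
            continue
        days_open = (today - record["end_date"]).days
        severity = "high" if privileged & set(acct["groups"]) else "medium"
        findings.append((acct["username"], severity,
                         f"still enabled {days_open} days after offboarding"))
    return findings


if __name__ == "__main__":
    for username, severity, reason in find_stale_access(HR_ROSTER, ACCOUNTS, date(2024, 4, 1)):
        print(f"[{severity}] {username}: {reason}")
```

Run on a schedule and fed into the ticketing system, a reconciliation like this closes the gap between HR marking someone as a leaver and the account actually being disabled, which is exactly the window an insider or a credential thief would use.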
6. Poor data encryption
Poor encryption is a type of vulnerability that enables a cybercriminal to intercept communication between systems. When this happens the malicious actor has free rein to download or change critical information. It is essential that data is encrypted both at rest and in transit. This also reduces the impact of a security incident: even if a malicious individual gets hold of your sensitive data, e.g. by stealing a USB stick or hard drive that stores it, there is another layer of security to thwart the attacker's efforts.
7. Zero-day vulnerabilities
A zero-day vulnerability is a flaw or security hole in your software that your company is unaware of. For example, there may be faulty code that leaves your software susceptible.
A zero-day attack refers to an attack that targets that flaw on the same day that it becomes known. So there are “zero days” between the time when the vulnerability is discovered and when an attack is initiated. In other words, the flaw is exploited by cybercriminals before your organisation is able to fix it.
How do you manage these vulnerabilities?
Vulnerability management is the process of identifying, classifying, remediating and mitigating security weaknesses or vulnerabilities. It usually involves three key steps: detection, assessment and remediation.
What is a vulnerability assessment?
A vulnerability assessment, commonly referred to as a vulnerability scan, assesses your network and computer systems for vulnerabilities. These scans are automated and give you an initial idea of which vulnerabilities in your system can be exploited by hackers. Vulnerability scans can be started manually or run on a schedule, and can take from several minutes to several hours to complete.
Vulnerability scans are considered a passive method of managing vulnerabilities, as they simply report the ones detected, some of which may be false positives. A false positive is a finding the scan reports that is not actually present. It is the organisation's responsibility to eliminate the false positives from the report and then prioritise and patch the remaining vulnerabilities.
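The triage step the text leaves to the organisation (dropping verified false positives, then prioritising what remains) is shown below as an added example, not code from the article or from StickmanCyber. It takes a constructed set of scan findings, removes those an analyst has confirmed as false positives, ranks the rest by CVSS score weighted by internet exposure, and collapses duplicate hits of the same check across hosts into a single remediation item. The findings, check identifiers, exposure weight and function names are all assumptions made for the demonstration.

```python
"""Added example: triaging raw vulnerability-scan output into a prioritised
remediation queue. Scan results and the false-positive list are constructed
sample data; the exposure weighting is an assumed policy choice."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    check_id: str        # scanner's check identifier (constructed values)
    title: str
    cvss: float
    internet_facing: bool


# Constructed scan output: four checks across four hosts.
SCAN_RESULTS = [
    Finding("web01", "CHK-001", "Outdated TLS library", 7.5, True),
    Finding("web02", "CHK-001", "Outdated TLS library", 7.5, True),
    Finding("db01", "CHK-002", "Default database credentials", 9.8, False),
    Finding("db01", "CHK-003", "Missing OS patch (version-based check)", 8.1, False),
    Finding("hr01", "CHK-004", "HTTP TRACE method enabled", 4.3, False),
]

# Constructed: an analyst verified the vendor backported this fix, so the
# version-based check on db01 reports a vulnerability that is not present.
VERIFIED_FALSE_POSITIVES = {("db01", "CHK-003")}


def triage(results: list, false_positives: set, exposure_weight: float = 1.5) -> list:
    """Return remediation items ordered from most to least urgent."""
    # 1. Drop findings already verified as false positives (per host + check).
    confirmed = [f for f in results if (f.host, f.check_id) not in false_positives]

    # 2. Record every host affected by each check so duplicates collapse later.
    hosts_by_check = defaultdict(set)
    for f in confirmed:
        hosts_by_check[f.check_id].add(f.host)

    # 3. Priority = CVSS, scaled up when the host is reachable from the internet
    #    (assumed policy: exposure multiplies the base score).
    def priority(f: Finding) -> float:
        return f.cvss * (exposure_weight if f.internet_facing else 1.0)

    # 4. Rank, then emit one item per check listing all affected hosts.
    queue, seen = [], set()
    for f in sorted(confirmed, key=priority, reverse=True):
        if f.check_id in seen:
            continue
        seen.add(f.check_id)
        queue.append({
            "check_id": f.check_id,
            "title": f.title,
            "priority": priority(f),
            "hosts": sorted(hosts_by_check[f.check_id]),
        })
    return queue


if __name__ == "__main__":
    for item in triage(SCAN_RESULTS, VERIFIED_FALSE_POSITIVES):
        print(f"{item['priority']:5.2f}  {item['check_id']}  {item['title']}  hosts={item['hosts']}")
```

Keying the false-positive list by host and check rather than by check alone matters: the same version-based check may be a genuine finding on one host and a backported-fix false positive on another, and suppressing it globally would hide the real one.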
How can StickmanCyber help?
StickmanCyber can help your organisation identify weaknesses that may leave you vulnerable to a data breach or cyber attack. Let our team of experts conduct a full analysis of your organisation to detect any vulnerabilities or weaknesses. Learn more and contact us today!