Vulnerability types
A vulnerability is an attribute or feature in a system that can be exploited by cyber criminals to cause an adverse effect. To exploit a vulnerability, a hacker must have a tool or technique that can connect to a weakness in the system. Once a hacker has exploited a vulnerability, they can install malware, run malicious code and even steal sensitive data. A vulnerability is sometimes referred to as an attack surface.
Risk and Vulnerability
There is a lot of confusion surrounding risk and vulnerability. The terms are often used interchangeably, but they are two different things. Risk is the probability of a vulnerability being exploited. If the probability and impact of a vulnerability being exploited are low, then it is low risk; if the probability and impact are high, then it is high risk. There are cases where common vulnerabilities pose no risk, for example if a system resource has no value to your organisation.
Types of Vulnerabilities
- System Flaws - A system flaw is usually due to insufficient design and testing. The system is poorly built and doesn’t operate to its fullest capacity. Complex systems are more likely to invite flaws due to misconfigurations.
- Lack of Security - Security flaws are generally due to a lack of attention paid to proper protection or, in some cases, a low budget. This means a lack of access to quality protection.
- Human Error - Employees will make mistakes when they lack the necessary training and skills to understand cyber security and how to protect systems from attack.
- Organisational Failure - Irresponsibility on the part of businesses will lead to available attack surfaces. Businesses are more likely to be at risk if there are inadequate procedures in place to protect against attacks or to follow if an attack should occur.
- Passwords - Poor passwords may seem like an obvious vulnerability, but many people go with easy-to-remember passwords, which can be broken with brute force. Reusing passwords can result in multiple data breaches.
How vulnerabilities can affect your organisation
- Unauthorised Access - Once a hacker has gained unauthorised access to your site, they will be able to steal not only your data, but potentially your customers’ data as well. This could lead to customers being mistrustful of an organisation that doesn’t take better precautions to ensure the protection of their data, and thus business could be lost.
- Ransomware - The impact of a ransomware attack could range from temporary inconvenience to the complete shutdown of an organisation. This is something businesses can’t afford: your company could suffer a shutdown of operations or financial loss as a result of revenue-generating operations being attacked.
Ways to identify Vulnerabilities
- Penetration Testing - Penetration testing is a simulated cyberattack against your computer system to look for exploitable vulnerabilities. Companies will hire hackers to try to break into their system and then report their findings. The hackers do no damage to the system, however.
- Vulnerability Scans - A vulnerability scan is a high-level test designed to look specifically for potential vulnerabilities and then report them.
At a time when cyber attacks are on the rise, evolving and becoming more and more destructive, it’s extremely important that vulnerability management is continuous in order to protect your organisation.
How can Securiwiser help to protect my business?
Securiwiser monitors the security levels of your business 24/7. We will identify any vulnerabilities that may affect the cyber security of your organisation and you will be promptly notified so you can rectify any flaws before they are exploited.