Cyber Security Vulnerabilities

The key takeaways are that vulnerabilities refer to weaknesses that can be exploited by threats. It is important for organizations to continuously monitor, assess, and remediate vulnerabilities to maintain strong cyber security.

A vulnerability in cyber security refers to any weakness in an information system, system processes, or internal controls of an organization that can be exploited by threats.

There are many potential causes of vulnerabilities, such as complex systems, familiarity with common software/hardware, connectivity of devices, and poor password management.

CYBER SECURITY VULNERABILITIES

• What is a Vulnerability in cyber security?
• Examples of Vulnerabilities
• How is Vulnerability different from a cyber security threat and risk?
• When does Vulnerability become exploitable?
• What causes Vulnerability?
• Types of Vulnerabilities
• What is Vulnerability Management?
• Conclusion

Effectively managing vulnerabilities contributes to the success of security programs and
keeps the impact of successful attacks under control, with minimum damage. Hence,
there is a need for an established vulnerability management system for organizations
across all industries. But before we break down the different cyber security
vulnerabilities, let's learn what a vulnerability is.

What is Vulnerability in Cyber Security?

A vulnerability in cyber security refers to any weakness in an information system,
system processes, or internal controls of an organization. These weaknesses are
targets for cybercriminals and are open to exploitation.

Attackers who exploit them are able to gain illegal access to the systems and cause
severe damage to data privacy. Therefore, cybersecurity vulnerabilities are extremely
important to monitor for the overall security posture, as gaps in a network can result
in a full-scale breach of an organization's systems.

Examples of Vulnerabilities
Below are some examples of vulnerability:

• A weakness in a firewall that can lead to malicious hackers getting into a computer network
• Lack of security cameras
• Unlocked doors at businesses

All of these are weaknesses that can be used by others to hurt a business or its assets.

How is vulnerability different from a cyber security threat and risk?

Vulnerabilities are not introduced to a system; rather, they are there from the beginning.
There are not many cases in which cybercrime activities lead to vulnerabilities.
They are typically a result of operating system flaws or network
misconfigurations. Cyber security threats, on the other hand, are introduced to a system,
like a virus download or a social engineering attack.

Cyber security risks are generally classified as vulnerabilities, which can lead to
confusion, as they are not one and the same. Risk is actually the probability and
impact of a vulnerability being exploited. If these two factors are low, then the risk is low.
The relationship is directly proportional, so the inverse is also true: a high probability
and impact of exploitation lead to high risk.

The impact of a cyberattack is generally tied to the CIA triad (confidentiality, integrity,
and availability) of the resource. Some common vulnerabilities pose no risk when the
vulnerable resource is of little value to an organization.

When does a vulnerability become exploitable?

A vulnerability that has at least one definite attack vector is an exploitable
vulnerability. Attackers will, for obvious reasons, want to target weaknesses in the
system or network that are exploitable. Of course, a vulnerability is not something that
anyone wants to have, but what you should be more worried about is whether it is
exploitable.

There are cases when something that is vulnerable is not really exploitable. The
reasons could be:

1. Insufficient public information for exploitation by attackers
2. Prior authentication or local system access that the attacker may not have
3. Existing security controls

Strong security practices can prevent many vulnerabilities from becoming exploitable.

What causes the vulnerability?

There are many causes of vulnerabilities, such as:

1. Complex Systems – Complex systems increase the probability of misconfigurations,
flaws, or unintended access.
2. Familiarity – Attackers may be familiar with common code, operating systems,
hardware, and software, which leads to known vulnerabilities.
3. Connectivity – Connected devices are more prone to vulnerabilities.
4. Poor Password Management – Weak and reused passwords can turn one data
breach into several.
5. OS Flaws – Operating systems can have flaws too. Operating systems that are unsecured
by default can give users full access and become a target for viruses and malware.
6. Internet – The internet is full of spyware and adware that can be installed automatically
on computers.
7. Software Bugs – Programmers can sometimes accidentally leave an exploitable bug in
the software.
8. Unchecked user input – If software or a website assumes that all input is safe, it may
run unintended SQL commands (SQL injection).
9. People – Social engineering is the biggest threat to the majority of organizations. So,
humans can be one of the biggest causes of vulnerability.

Types of Vulnerabilities
Below are some of the most common types of cybersecurity vulnerabilities:

System Misconfigurations

Network assets that have disparate security controls or vulnerable settings can result in
system misconfigurations. Cybercriminals commonly probe networks for system
misconfigurations and gaps that look exploitable. Due to the rapid digital transformation,
network misconfigurations are on the rise. Therefore, it is important to work with
experienced security experts during the implementation of new technologies.

Out-of-date or Unpatched Software

Similar to system misconfigurations, hackers tend to probe networks for unpatched
systems that are easy targets. These unpatched vulnerabilities can be exploited by
attackers to steal sensitive information. To minimize these kinds of risks, it is essential
to establish a patch management schedule so that all the latest system patches are
implemented as soon as they are released.

Missing or Weak Authorization Credentials

A common tactic that attackers use is to gain access to systems and networks through
brute force, such as guessing employee credentials. That is why it is crucial that employees
be educated on the best practices of cybersecurity so that their login credentials are not
easily exploited.

Malicious Insider Threats

Whether it’s with malicious intent or unintentionally, employees with access to critical
systems sometimes end up sharing information that helps cyber criminals breach the
network. Insider threats can be really difficult to trace as all actions will appear
legitimate. To help fight against these types of threats, one should invest in network
access control solutions, and segment the network according to employee seniority and
expertise.

Missing or Poor Data Encryption

It’s easier for attackers to intercept communication between systems and breach a
network if it has poor or missing encryption. When information is poorly encrypted or
unencrypted, cyber adversaries can extract critical information and inject false
information onto a server. This can seriously undermine an organization’s efforts toward
cyber security compliance and lead to fines from regulatory bodies.

Zero-day Vulnerabilities

Zero-day vulnerabilities are specific software vulnerabilities that attackers have
caught wind of but that have not yet been discovered by an organization or user.

In these cases, there are no available fixes or solutions, since the vulnerability has not
yet been detected or announced by the system vendor. These are especially dangerous as
there is no defense against such vulnerabilities until after the attack has happened.
Hence, it is important to remain cautious and continuously monitor systems for
vulnerabilities to minimize zero-day attacks.

What is Vulnerability Management?

Vulnerability management is a cyclical practice consisting of the identification,
classification, remediation, and mitigation of security vulnerabilities. There are three
essential elements of vulnerability management, viz. vulnerability detection, vulnerability
assessment, and remediation.

Vulnerability Detection

Vulnerability detection includes the following three methods:

• Vulnerability scanning
• Penetration testing
• Google hacking

Cyber Security Vulnerability Scan

As the name suggests, the scan is done to find vulnerabilities in computers,
applications, or networks. For this purpose, a scanner (software) is used, which can
discover and identify vulnerabilities that arise from misconfiguration and flawed
programming within a network.

Some popular vulnerability scanning tools are SolarWinds Network Configuration
Manager (NCM), ManageEngine Vulnerability Manager Plus, Rapid7 Nexpose,
Acunetix, Probely, TripWire IP 360, etc.

Penetration Testing

Penetration testing or pen testing is the practice of testing an IT asset for security
vulnerabilities that an attacker could potentially exploit. Penetration testing can be
automated or manual. It can also test security policies, employee security awareness,
the ability to identify and respond to security incidents, and adherence to compliance
requirements.

Google Hacking

Google hacking is the use of a search engine to locate security vulnerabilities. This is
achieved through advanced search operators in queries that can locate hard-to-find
information or data that has been accidentally exposed due to the misconfiguration of
cloud services. Mostly these targeted queries are used to locate sensitive information
that is not intended for public exposure.

Cyber Security Vulnerability Assessment

Once a vulnerability is detected, it goes through the vulnerability assessment process.

What is a vulnerability assessment? It is a process of systematically reviewing security
weaknesses in an information system. It highlights whether a system is prone to any
known vulnerabilities, classifies their severity levels, and recommends
appropriate remediation or mitigation if required.

The assessment process includes:

• Identify vulnerabilities: Analyzing network scans, firewall logs, pen test results, and
  vulnerability scan results to find anomalies that might highlight vulnerabilities prone to
  cyber-attacks.
• Verify vulnerabilities: Decide whether an identified vulnerability could be exploited and
  classify its severity to understand the level of risk.
• Mitigate vulnerabilities: Come up with appropriate countermeasures and measure their
  effectiveness if a patch is not available.
• Remediate vulnerabilities: Update affected software or hardware wherever possible.

There are several types of vulnerability assessments:

• Network-based assessment: This type of assessment is used to identify potential
  issues in network security and detect systems that are vulnerable on both wired and
  wireless networks.
• Host-based assessment: Host-based assessment can help locate and identify
  vulnerabilities in servers, workstations, and other network hosts. It generally assesses
  open ports and services and makes the configuration settings and the patch
  management of scanned systems more visible.
• Wireless network assessment: It involves the scanning of Wi-Fi networks and attack
  vectors in the infrastructure of a wireless network. It helps validate that a network is
  securely configured to avoid unauthorized access and can also detect rogue access
  points.
• Application assessment: It is the identification of security vulnerabilities in web
  applications and their source code. This is achieved by implementing automated
  vulnerability scanning tools on the front-end or analyzing the source code statically or
  dynamically.
• Database assessment: The assessment of databases or big data systems for
  vulnerabilities and misconfiguration, identifying rogue databases or insecure dev/test
  environments, and classifying sensitive data to improve data security.

Vulnerability management becomes a continuous and repetitive practice because cyber
attacks are constantly evolving.

Vulnerability Remediation

To always be one step ahead of malicious attacks, security professionals need to have
a process in place for monitoring and managing the known vulnerabilities. This was once
a time-consuming and tedious manual job; now it is possible to continuously keep track of
an organization’s software inventory with the help of automated tools, and match it
against the various security advisories, issue trackers, or databases.

If the tracking results show that the services and products are relying on risky code, the
vulnerable component needs to be located and mitigated effectively and efficiently.

The following remediation steps may seem simple, but without them, organizations may
find themselves in a bit of difficulty when fighting against hackers.

Step 1: Know Your Code – Knowing what you’re working with is crucial and the first
step of vulnerability remediation. Continuously monitoring software inventory to be
aware of which software components are being used and what needs immediate
attention will significantly help prevent malicious attacks.

Step 2: Prioritize Your Vulnerabilities – Organizations need to have prioritization
policies in place. The risk of the vulnerabilities needs to be evaluated first by going
through the system configuration, the likelihood of an occurrence, its impact, and the
security measures that are in place.

Step 3: Fix – Once the security vulnerabilities that require immediate attention are
known, it is time to map out a timeline and work plan for the fix.
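
The three remediation steps above, combined with the earlier definition of risk as probability and impact, can be sketched in code. This is an added example, not part of the original document: the hosts, components, versions, advisory IDs, the 1-5 scales, and the one-point reductions for required authentication or existing controls are all constructed assumptions.

```python
# Added example. Hosts, components, versions, advisory IDs and scores are constructed.
INVENTORY = [
    {"host": "web-01", "component": "examplelib", "version": "2.4.1", "impact": 5, "controls": False},
    {"host": "db-01", "component": "exampledb", "version": "9.6.3", "impact": 5, "controls": True},
    {"host": "kiosk-07", "component": "examplelib", "version": "2.10.0", "impact": 2, "controls": False},
    {"host": "test-03", "component": "exampledb", "version": "9.5.10", "impact": 1, "controls": False},
]
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "component": "examplelib", "fixed_in": "2.9.0",
     "likelihood": 4, "needs_auth": False},
    {"id": "EXAMPLE-ADV-002", "component": "exampledb", "fixed_in": "9.6.4",
     "likelihood": 5, "needs_auth": True},
]

def parse_version(text):
    """Compare versions numerically, so "2.10.0" counts as newer than "2.9.0"."""
    return tuple(int(part) for part in text.split("."))

def match_inventory(inventory, advisories):
    """Step 1: find every installed component older than an advisory's fixed version."""
    findings = []
    for item in inventory:
        for adv in advisories:
            if (item["component"] == adv["component"]
                    and parse_version(item["version"]) < parse_version(adv["fixed_in"])):
                findings.append({**item, **adv})
    return findings

def risk_score(finding):
    """Step 2: risk = likelihood x impact (assumed 1-5 scales)."""
    likelihood = finding["likelihood"]
    if finding["needs_auth"]:   # attacker needs prior authentication or local access
        likelihood -= 1         # assumed one-point reduction
    if finding["controls"]:     # an existing security control already covers the host
        likelihood -= 1         # assumed one-point reduction
    return max(likelihood, 1) * finding["impact"]

def work_plan(inventory, advisories):
    """Step 3: order the fixes, highest risk first."""
    findings = match_inventory(inventory, advisories)
    findings.sort(key=risk_score, reverse=True)
    return [(f["host"], f["id"], risk_score(f)) for f in findings]

if __name__ == "__main__":
    for host, advisory, score in work_plan(INVENTORY, ADVISORIES):
        print(f"{score:>2}  {host:<9} {advisory}")
```

The kiosk host does not appear in the plan because its version is compared numerically; a plain string comparison would wrongly treat 2.10.0 as older than 2.9.0.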
