INFORMATION SECURITY VULNERABILITIES:
Imagine the nuclear codes of the world’s deadliest nukes in the hands of cyber criminals, or your hard-earned money vanishing from your electronic wallet without a trace.
If that is thought-provoking, then it is a clear indication of how intense and critical information security is. This article focuses specifically on the vulnerabilities prevailing in information security circles. The terms vulnerability and threat are usually used interchangeably by the public, which is reasonably expected from those outside the security industry.
Vulnerabilities are security loopholes in information systems that stand to be exploited by threats to acquire unauthorised privilege or access to information and related organisational assets, which include employees, property and systems.
A threat, on the other hand, is the likelihood or probability of a vulnerability being exploited, whether deliberately or accidentally, with resultant damage to information assets.
It is now clear that vulnerability is a weakness or loophole in a security system, whereas a threat is what information security experts endeavour to protect against.
The modern digital world has allowed more innovation in many areas, including social and business activities.
It has also opened doors to cyber criminals, who are now carefully discovering new ways to tap the world’s most sensitive networks for sensitive data for their own gain.
Protecting business data is a growing challenge, but awareness is the first step. Currently, organisations are struggling to understand what the vulnerabilities to their information assets are, and how to obtain the necessary means to combat them.
There are different types of vulnerabilities to information.
Deliberate acts top the pecking order if they are to be listed.
Vulnerabilities range from insufficiently trained human resources, poor password management, technical failures and poor management decisions to obsolete and poorly managed network equipment, with problems such as misconfiguration and digital footprinting.
Weak security measures and lack of adequate encryption mechanisms also haunt organisations. In the security chain, the weakest link is the human mind.
Shrewd criminals easily manipulate the human mind to gain access to systems and to sensitive information such as passwords, using non-technical means known as social engineering.
This act is unpredictable and mostly involves psychological manipulation to get a person to divulge sensitive information.
As people become more and more aware of different technologies, cyber criminals are continuously improving this technique to gain access to systems.
Almost everyone who uses the internet has a digital footprint which can be used against them. For instance, if you search for your own name, you will be surprised by the detailed information that comes up about you, particularly if you have many social media accounts such as Facebook and Twitter.
These kinds of threats mainly target individuals and rarely corporates.
Most organisations are using outdated software that no longer receives updates. This poses a serious threat if a financial software package is run on outdated software.
Cyber criminals can create a backdoor entrance into your systems and enjoy your fruits without you noticing it.
A reputable company can suffer huge losses because of poor technology management practices.
Malicious software can penetrate these outdated systems undetected. IT professionals must help in upgrading the systems. Investing in software that monitors the security of a network has become a growing trend in the enterprise space lately.
Allowing employees to bring their own devices, such as laptops, tablets and other related gadgets, to access corporate ICT resources also opens a security loophole in information systems.
This practice is popularly known in the IT industry as a BYOD (Bring Your Own Device) policy, and it should be discouraged by corporates.
This is very common in local organisations. Confidential company data can easily be distributed to unintended destinations.
Financial, telecommunications and health care institutions are well aware of the sensitivity of information.
It is necessary to protect the data when it is being conveyed from one node to the other.
Data should be disguised from unauthorised users, which is achieved by a process known as encryption.
A lack of encryption, or the use of old technologies that rely on old encryption methods, is not safe.
Every day, new and smart gadgets are released.
However, suppliers tend to cover up the flaws with software patches. With the advent of the internet of things (IoT), most of these gadgets rely on cloud services.
A weak or insecure connection to the cloud presents a serious risk.
Cyber criminals prefer the path of least resistance or exploit technologies with weak security protocols.
In the Information Security industry they say: “If you spend more on coffee than on IT security, you will be hacked. What’s more, you probably deserve to be hacked”. — africom