Every business is under constant threat from a multitude of sources. From the biggest Fortune 500 companies down to the smallest of mom-and-pop stores, no business is 100% safe from an attack. The simple fact is that there are too many threats out there to effectively prevent them all.
For example, as noted by leading antivirus company Kaspersky Lab, “The number of new malicious files processed by Kaspersky Lab’s in-lab detection technologies reached 360,000 a day in 2017.” That’s 250 new malware threats every minute.
But, malware isn’t the only threat out there; there are many more cybersecurity threats and network vulnerabilities in existence that malicious actors can exploit to steal your company’s data or cause harm.
What is Vulnerability in Computer Security and How is It Different from a Cyber Threat?
To put it in the most basic terms, a computer system vulnerability is a flaw or weakness in a system or network that could be exploited to cause damage, or allow an attacker to manipulate the system in some way.
This is different from a “cyber threat” in that while a cyber threat may involve an outside element, computer system vulnerabilities exist on the network asset (computer) to begin with. Additionally, they are not usually the result of an intentional effort by an attacker—though cybercriminals will leverage these flaws in their attacks, leading some to use the terms interchangeably.
The way that a computer vulnerability is exploited depends on the nature of the vulnerability and the motives of the attacker. These vulnerabilities can exist because of unanticipated interactions of different software programs, system components, or basic flaws in an individual program.
Here are a few security vulnerability and security threat examples to help you learn what to look for:
1) Malware
As pointed out earlier, new malware is being created all the time. However, while the statistic of 360,000 new malware files a day sounds daunting, it’s important to know one thing: Many of these “new” malware files are simply rehashes of older malware programs that have been altered just enough to make them unrecognizable to antivirus programs.
Over the years, however, many different kinds of malware have been created, each one affecting the target’s systems in a different way:
- Ransomware. This malicious software is designed to encrypt the victim’s data storage drives, rendering them inaccessible to the owner. An ultimatum is then delivered, demanding payment in return for the encryption key. If the ransom demand isn’t met, the key will be deleted and the data lost forever with it.
- Trojans. This refers to a kind of delivery system for malware. A Trojan is any piece of malware that masquerades as a legitimate program to trick victims into installing it on their systems. Trojans can do a lot of damage because they slip behind your outermost network security defenses by posing as something harmless while carrying a major threat inside—like a certain infamous horse did to the city of Troy in Homer’s “Iliad.”
- Worms. Worms are programs that can self-replicate and spread through a variety of means, such as emails. Once on a system, the worm will search for some form of contacts database or file sharing system and send itself out as an attachment. When in email form, the attachment is part of an email that looks like it’s from the person whose computer was compromised.
The goal of many malware programs is to access sensitive data and copy it. Some highly advanced malware can autonomously copy data and send it to a specific port or server that an attacker can then use to discreetly steal information.
Basic antivirus can protect against some malware, but a multilayered security solution that uses antivirus, deep-packet inspection firewalls, intrusion detection systems (IDSs), email virus scanners, and employee awareness training is needed to provide optimal protection.
2) Unpatched Security Vulnerabilities
While there are countless new threats being developed daily, many of them rely on old security vulnerabilities to work. With so much malware looking to exploit the same few vulnerabilities time and time again, one of the biggest risks that a business can take is failing to patch those vulnerabilities once they’re discovered.
It’s all too common for a business—or even just the individual users on a network—to dismiss the “update available” reminders that pop up in certain programs because they don’t want to lose the 5-10 minutes of productive time that running the update would take. Updating is a nuisance to most users. However, it’s a “nuisance” that could save a business untold amounts of time, money, and lost business later.
The easy fix is to maintain a regular update schedule—a day of the week where your IT team checks for the latest security patches for your organization’s software and ensures that they’re applied to all of your company’s systems.
3) Hidden Backdoor Programs
This is an example of an intentionally-created computer security vulnerability. When a manufacturer of computer components, software, or whole computers installs a program or bit of code designed to allow a computer to be remotely accessed (typically for diagnostic, configuration, or technical support purposes), that access program is called a backdoor.
When the backdoor is installed into computers without the user’s knowledge, it can be called a hidden backdoor program. Hidden backdoors are an enormous software vulnerability because they make it all too easy for someone with knowledge of the backdoor to illicitly access the affected computer system and any network it is connected to.
For example, a recent article by Bloomberg highlights a case where a security vulnerability that could be used as a backdoor was left in a manufacturer’s routers. According to the author:
“Europe’s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses… Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained.”
This software vulnerability in the Huawei routers is concerning because, if used by malicious actors, it could give them direct access to millions of networks.
4) Superuser or Admin Account Privileges
One of the most basic tenets of managing software vulnerabilities is to limit the access privileges of software users. The less information/resources a user can access, the less damage that user account can do if compromised.
However, many organizations fail to control user account access privileges—allowing virtually every user in the network to have so-called “Superuser” or administrator-level access. Some computer security configurations are flawed enough to allow unprivileged users to create admin-level user accounts.
Verifying that user account access is restricted to only what each user needs to do their job is crucial for managing computer security vulnerabilities. Also, ensuring that newly-created accounts cannot have admin-level access is important for preventing less-privileged users from simply creating more privileged accounts.
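As an added example (not code from the article), here is a small Python audit that applies the two checks this section describes to a constructed account inventory: it lists admin-level group memberships that exceed what an account’s job role allows, and it flags admin-level accounts that were created by an account which is not itself an admin. The group names, job roles, role policy and the `created_by` field are assumptions about what a directory and its audit log would provide.

```python
from dataclasses import dataclass

# Groups that grant administrator-level ("superuser") access. Names are assumed.
ADMIN_GROUPS = {"Administrators", "Domain Admins", "sudo", "wheel"}

# Least-privilege policy: the admin groups each job role may legitimately hold.
# Roles not listed here may hold none. Constructed for the example.
ROLE_ALLOWED_ADMIN = {
    "sysadmin": {"Administrators", "Domain Admins", "sudo", "wheel"},
    "helpdesk": {"Administrators"},
}


@dataclass(frozen=True)
class Account:
    name: str
    role: str          # job role from the HR record (assumed field)
    groups: frozenset  # group memberships from the directory (assumed field)
    created_by: str    # account that provisioned this one (assumed audit-log field)


def admin_groups(acct: Account) -> set:
    """Admin-level groups the account is a member of."""
    return set(acct.groups) & ADMIN_GROUPS


def excess_privileges(acct: Account) -> set:
    """Admin groups the account holds beyond what its role permits."""
    return admin_groups(acct) - ROLE_ALLOWED_ADMIN.get(acct.role, set())


def audit(accounts: list) -> list:
    """Return (account name, finding) pairs for least-privilege violations."""
    by_name = {a.name: a for a in accounts}
    findings = []
    for acct in accounts:
        extra = excess_privileges(acct)
        if extra:
            findings.append((acct.name, f"excess admin groups: {sorted(extra)}"))
        if admin_groups(acct):
            creator = by_name.get(acct.created_by)
            # An admin account provisioned by a non-admin (or by an account the
            # directory does not know) is the escalation path the text warns about.
            if creator is None or not admin_groups(creator):
                findings.append(
                    (acct.name, f"admin account created by non-admin {acct.created_by!r}")
                )
    return findings


# Constructed sample inventory; none of these are real accounts.
SAMPLE_ACCOUNTS = [
    Account("svc-provisioning", "sysadmin", frozenset({"Domain Admins"}), "svc-provisioning"),
    Account("alice", "sysadmin", frozenset({"Domain Admins", "sudo"}), "svc-provisioning"),
    Account("bob", "sales", frozenset({"Users", "Administrators"}), "alice"),
    Account("carol", "helpdesk", frozenset({"Administrators"}), "alice"),
    Account("dave", "sales", frozenset({"Users"}), "alice"),
    Account("mallory-admin", "sales", frozenset({"Administrators"}), "dave"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_ACCOUNTS):
        print(f"{name}: {finding}")
```

Run against the sample data, the audit reports `bob` (a sales account holding `Administrators`) and `mallory-admin` twice: once for excess privileges and once because its creator, `dave`, holds no admin group at all. The second finding is the one that catches the configuration flaw the text describes, an unprivileged account managing to create a privileged one.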
5) Automated Running of Scripts without Malware/Virus Checks
One common network security vulnerability that some attackers learned to exploit is the tendency of certain web browsers (such as Safari) to automatically run “trusted” or “safe” scripts. By mimicking a trusted piece of code and tricking the browser, cybercriminals could get the browser software to run malware without the knowledge or input of the user—who often wouldn’t know to disable this “feature.”
While keeping employees from visiting untrustworthy websites that would run malware is a start, disabling the automatic running of “safe” files is much more reliable—and necessary for compliance with the Center for Internet Security’s (CIS’) AppleOS benchmark.
6) Unknown Security Bugs in Software or Programming Interfaces
Computer software is incredibly complicated. When two or more programs are made to interface with one another, the complexity can only increase. The issue with this is that within a single piece of software, there may be programming issues and conflicts that can create security vulnerabilities. When two programs are interfaced, the risk of conflicts that create software vulnerabilities rises.
Programming bugs and unanticipated code interactions rank among the most common computer security vulnerabilities—and cybercriminals work daily to discover and abuse them. Unfortunately, predicting the creation of these computer system vulnerabilities is nearly impossible because there are virtually no limits to the combinations of software that might be found on a single computer, let alone an entire network.
7) Phishing (Social Engineering) Attacks
In a phishing attack, the attacker attempts to trick an employee in the victim organization into giving away sensitive data and account credentials—or into downloading malware. The most common form of this attack comes as an email mimicking the identity of one of your company’s vendors or someone who has a lot of authority in the company.
For example, the attacker may say something like: “This is Mark from IT, your user account shows suspicious activity, please click this link to reset and secure your password.” The link in such an email often leads to a website that will download malware to a user’s computer, compromising their system. Other phishing attacks may ask users to give the attacker their user account credentials so they can solve an issue.
The basic goal of this strategy is to exploit an organization’s employees to bypass one or more security layers so they can access data more easily.
There are several ways to defend against this attack strategy, including:
- Email Virus Detection Tools. To check email attachments for malware that could harm your network.
- Multifactor Authentication (MFA). Using multiple authentication methods (such as biometrics, one-use texted codes, and physical tokens) for giving users access to your network makes it harder for attackers to hijack user accounts with just the username and password.
- Employee Cybersecurity Awareness Training. An educated employee is less likely to fall for phishing schemes than one who doesn’t know basic cybersecurity protocols. Cybersecurity awareness training helps to provide employees with the basic knowledge they need to identify and avoid phishing attacks.
- Defense in Depth. Using a defense-in-depth approach to network security adds extra layers of protection between each of the individual assets on the network. This way, if attackers bypass the outermost defenses of the network, there will still be other layers of protection between the compromised asset and the rest of the network.
- Policy of Least Privilege. Enacting a policy of least privilege means restricting a user’s access to the minimum amount needed to perform their job duties. This way, if that user’s account privileges are misused, the damage will be limited.
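As an added example (not the article’s code), the following Python runs two checks that a mail gateway or awareness tool could apply to a lure like the “Mark from IT” message described above: it flags links whose visible text names one domain while the `href` points somewhere else, and it flags a sender whose display name claims to be internal IT or support but whose address lies outside the company domain. The company domain, the sample message and the `registrable()` heuristic are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

COMPANY_DOMAIN = "example.com"  # assumed: the organisation's own mail domain


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in a message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude last-two-labels approximation of the registrable domain (assumption;
    a real deployment would use the public suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def mismatched_links(html: str) -> list:
    """Links whose visible text shows one domain while the href leads to another."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and registrable(shown.group(0)) != registrable(href_host):
            flagged.append((text, href_host))
    return flagged


def spoofed_sender(from_header: str, company_domain: str = COMPANY_DOMAIN) -> bool:
    """True when the display name claims an internal team but the address is external."""
    m = re.match(r'\s*"?([^"<]*)"?\s*<([^>]+)>', from_header)
    if not m:
        return False
    display, addr = m.group(1).strip(), m.group(2).strip()
    addr_domain = addr.rsplit("@", 1)[-1]
    claims_internal = (
        re.search(r"\b(it|helpdesk|support|security)\b", display, re.I) is not None
        or company_domain in display.lower()
    )
    return claims_internal and registrable(addr_domain) != registrable(company_domain)


# Constructed sample message modelled on the lure quoted in the text.
SAMPLE_FROM = '"Mark from IT" <mark.it@example-c0m-support.net>'
SAMPLE_HTML = (
    "<p>Your user account shows suspicious activity, please click this link "
    'to reset and secure your password: <a href="http://198.51.100.7/reset">'
    "https://sso.example.com/reset</a></p>"
    '<p>Or read our policy: <a href="https://intranet.example.com/policy">'
    "intranet.example.com/policy</a></p>"
)

if __name__ == "__main__":
    print("spoofed sender:", spoofed_sender(SAMPLE_FROM))
    for text, host in mismatched_links(SAMPLE_HTML):
        print(f"link text {text!r} actually points to {host!r}")
```

On the sample, only the password-reset link is reported (its text shows `sso.example.com` while the `href` goes to a bare IP address); the policy link agrees with its text and passes. Both checks are heuristics, so they belong in the layered defenses listed above alongside attachment scanning and MFA rather than replacing them.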
8) Your IoT Devices
The Internet of Things (IoT) encompasses many “smart” devices, such as Wi-Fi capable refrigerators, printers, manufacturing robots, coffee makers, and countless other machines. The issue with these devices is that they can be hijacked by attackers to form networks of compromised devices (botnets) that carry out further attacks. Worse yet, many businesses don’t even realize just how many IoT devices they have on their networks—meaning that they have unprotected vulnerabilities that they aren’t aware of.
These unknown devices represent a massive opportunity to attackers—and, a massive risk for businesses.
To minimize the risk from IoT devices, a security audit should be performed that identifies all of the disparate assets on the network and the operating systems they’re running. This way, these IoT devices can be properly accounted for in the company’s cybersecurity strategy. Such audits should be performed periodically to account for any new devices that may be added to the network over time.
9) Your Own Employees
The biggest security vulnerability in any organization is its own employees. Whether it’s the result of intentional malfeasance or an accident, most data breaches can be traced back to a person within the organization that was breached.
For example, employees may abuse their access privileges for personal gain. Or, an employee may click on the wrong link in an email, download the wrong file from an online site, or give the wrong person their user account credentials—allowing attackers easy access to your systems.
Some of the same prevention techniques mentioned in the anti-phishing bullets can be applied to prevent data breaches caused by employees.
For example, using a policy of least privilege keeps users from having access to too much data at once, making it harder for them to steal information. Additionally, cybersecurity awareness training helps employees spot phishing attempts and other social engineering-style attacks so they won’t fall for them.
How to Find Security Vulnerabilities
One of the most important steps in preventing a security breach is identifying security vulnerabilities before an attacker can leverage them. But, many organizations lack the tools and expertise to identify security vulnerabilities. To help your business improve its cybersecurity, here are some tips for how to find security vulnerabilities:
How to Find Security Vulnerabilities: Audit Your Network Assets
To find security vulnerabilities on the business’s network, it is necessary to have an accurate inventory of the assets on the network, as well as the operating systems (OSs) and software these assets run. Having this inventory list helps the organization identify security vulnerabilities from obsolete software and known program bugs in specific OS types and software.
Without this inventory, an organization might assume that their network security is up to date, even though they could have assets with years-old vulnerabilities on them. Also, if a new security protocol is applied to assets on the network to close security gaps, but there are unknown assets on the network, this could lead to uneven protection for the organization.
For example, say that Servers A, B, and C get updated to require multi-factor authentication, but Server D, which was not on the inventory list, doesn’t get the update. Malicious actors could use this less-secure server as an entry point in an attack. Breaches have occurred in this manner before. As noted by The New York Times in an article about a major data breach affecting JPMorgan Chase bank, “Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme.”
When it comes to finding security vulnerabilities, a thorough network audit is indispensable for success.
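As an added example (not the article’s code), the Python below reconciles a constructed asset inventory against the hosts a discovery scan actually found, then runs two checks over the inventoried assets: which ones the MFA rollout did not reach (the JPMorgan situation quoted above) and which run an OS version below a minimum patched level (the unpatched-software risk from section 2). The unknown-host check is also the one a periodic IoT audit (section 8) relies on. Hostnames, versions, the `mfa_enforced` field and the minimum-version table are all constructed assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    os: str
    os_version: str
    mfa_enforced: bool  # whether the MFA rollout reached this asset (assumed field)


# Inventory records, assumed to come from the organisation's asset database.
INVENTORY = [
    Asset("server-a", "ubuntu", "22.04.3", True),
    Asset("server-b", "ubuntu", "20.04.6", True),
    Asset("server-c", "windows-server", "10.0.20348.2322", False),
]

# Hosts actually seen on the wire, assumed to come from a network discovery scan.
DISCOVERED = {"server-a", "server-b", "server-c", "server-d", "printer-lobby"}

# Minimum acceptable version per OS family. Constructed thresholds, not real
# patch levels; in practice this table is maintained from vendor advisories.
MIN_VERSION = {"ubuntu": "22.04.0", "windows-server": "10.0.20348.2000"}


def parse_version(version: str) -> tuple:
    """Numeric components of a version string, comparable as a tuple."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def unknown_hosts(inventory: list, discovered: set) -> set:
    """Hosts on the network that no inventory record describes ("Server D")."""
    return set(discovered) - {a.host for a in inventory}


def missing_mfa(inventory: list) -> list:
    """Inventoried assets the MFA rollout did not reach."""
    return [a.host for a in inventory if not a.mfa_enforced]


def outdated(inventory: list, min_version: dict) -> list:
    """Assets running an OS version below the minimum patched version."""
    result = []
    for a in inventory:
        floor = min_version.get(a.os)
        if floor is not None and parse_version(a.os_version) < parse_version(floor):
            result.append(a.host)
    return result


def audit(inventory: list, discovered: set, min_version: dict) -> dict:
    """Combine the three checks into one report."""
    return {
        "unknown_hosts": sorted(unknown_hosts(inventory, discovered)),
        "missing_mfa": missing_mfa(inventory),
        "outdated": outdated(inventory, min_version),
    }


if __name__ == "__main__":
    for check, hosts in audit(INVENTORY, DISCOVERED, MIN_VERSION).items():
        print(f"{check}: {hosts}")
```

On the sample data the report lists `server-d` and `printer-lobby` as unknown, `server-c` as lacking MFA and `server-b` as below the minimum version. The unknown-host list is the one to resolve first: neither the MFA check nor the version check can say anything about a host the inventory does not know, which is exactly how Server D stays unprotected while Servers A, B and C get the update.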
How to Find Security Vulnerabilities: Penetration Testing
After completing the audit of the network and inventorying every asset, the network needs to be stress-tested to determine how an attacker might try to break it. Such penetration testing is how cybersecurity professionals check for security gaps so they can be closed before a malicious attack occurs.
The methodology behind a penetration test may vary somewhat depending on the organization’s network security architecture and cybersecurity risk profile—there is no true “one size fits all” approach to penetration testing. However, the general steps of a penetration test usually involve:
- Getting a “white hat” hacker to run the pen test at a set date/time.
- Auditing existing systems to check for assets with known vulnerabilities.
- The “hackers” running simulated attacks on the network that attempt to exploit potential weaknesses or uncover new ones.
- The organization running its incident response plan (IRP) to try and contain the “attacks” simulated during penetration testing.
In addition to identifying security vulnerabilities, the last item on the list can also help to find deficiencies in the company’s incident response. This can be useful for modifying response plans and measures to further reduce exposure to some cybersecurity risks.
How to Find Security Vulnerabilities: Creating a Threat Intelligence Framework
Penetration testing is highly useful for finding security vulnerabilities. However, it isn’t the only method companies should use. Another tool for identifying potential issues is the threat intelligence framework. This framework helps your organization:
- Define what it needs to protect.
- Set goals for overall network security.
- Identify primary threat sources.
- Refine cybersecurity protections.
- Choose appropriate threat intelligence feeds to monitor new and emerging cyber threats and attack strategies.
Knowing what your biggest network security threats are is crucial for keeping your cybersecurity protection measures up to date. This is where many companies turn to a managed security services provider (MSSP), since these cybersecurity experts will often have tools and experience that make creating a threat intelligence framework easier.
Many MSSPs can provide penetration testing and vulnerability management services to quickly identify major network security issues—and then help their customers close those security gaps before an attacker can leverage them. MSSPs can also help create or modify incident response plans so companies can minimize the impacts if a network security breach does unfortunately occur.
Knowing what the biggest threats to your business are is the first step to protecting your (and your customers’) sensitive data. However, it takes a lot of hard work, expertise, and vigilance to minimize your cybersecurity risks. If you need help setting up a strong cybersecurity architecture to protect your business, contact Compuquip Cybersecurity today! We’re here to help you minimize your risks and protect your business.