| Type of Vulnerability |
Definition
|
Prevention
|
| Misconfigurations |
Many security tools require manual configuration, leading to errors and potential vulnerabilities. |
Organisations should seek security tools with automation options to minimise human error. |
| Unsecured APIs |
APIs (Application Programming Interfaces) with public IP addresses are vulnerable to exploitation by hackers. |
IT security teams need training on best security practices, including encryption, to address API-related risks. |
| Outdated/Unpatched Software |
Failure to update software with patches can leave systems vulnerable to exploitation. |
Organisations should take responsibility for ensuring all systems are up to date. |
| Zero-day Vulnerability |
Zero-day vulnerabilities are flaws unknown to organisations until exploited by threat actors. |
Disaster recovery plan, is essential to identify and mitigate zero-day vulnerabilities. |
| Weak/Stolen User Credentials |
Human error, like weak passwords, is a common cause of data breaches. |
Enforcing strong password practices, changing passwords frequently, and implementing multi-factor authentication can enhance security. |
| Access Control/Unauthorized Access |
Employees often have excessive access, creating a broader attack surface. |
Adopting the principle of least privilege (POLP) limits user access to what is necessary. |