Subscribe to never miss an important update!
- Context (TH): The Corporate Affairs Ministry has resolved a critical vulnerability that jeopardized the personal information of prominent industrialists and celebrities.
What are cyber security vulnerabilities?
- Cybersecurity vulnerabilities are weaknesses in an organisation’s infrastructure, like internal controls or information systems.
- Hackers can exploit these weaknesses to gain unauthorised access.
- While vulnerabilities themselves aren’t harmful, they become risky when targeted by hackers, potentially leading to data breaches.
- Common Vulnerabilities and Exposures (CVE) periodically releases information about vulnerabilities, assigning a Common Vulnerability Scoring System (CVSS) score to assess the potential risk.
- Common sources of vulnerabilities: Cybersecurity vulnerabilities arise from misconfigurations, bugs, weak passwords, and inadequate data encryption practices.
Different types of cyber security vulnerabilities?
|Type of Vulnerability
|Many security tools require manual configuration, leading to errors and potential vulnerabilities.
|Organisations should seek security tools with automation options to minimise human error.
|APIs (Application Programming Interfaces) with public IP addresses are vulnerable to exploitation by hackers.
|IT security teams need training on best security practices, including encryption, to address API-related risks.
|Failure to update software with patches can leave systems vulnerable to exploitation.
|Organisations should take responsibility for ensuring all systems are up to date.
|Zero-day vulnerabilities are flaws unknown to organisations until exploited by threat actors.
|Disaster recovery plan, is essential to identify and mitigate zero-day vulnerabilities.
|Weak/Stolen User Credentials
|Human error, like weak passwords, is a common cause of data breaches.
|Enforcing strong password practices, changing passwords frequently, and implementing multi-factor authentication can enhance security.
|Access Control/Unauthorized Access
|Employees often have excessive access, creating a broader attack surface.
|Adopting the principle of least privilege (POLP) limits user access to what is necessary.
Indian Computer Emergency Response Team (CERT-In)