Cyber Security Vulnerabilities
- Context (TH): The Corporate Affairs Ministry has resolved a critical vulnerability that jeopardized the personal information of prominent industrialists and celebrities.
What are cyber security vulnerabilities?
- Cybersecurity vulnerabilities are weaknesses in an organisation’s infrastructure, like internal controls or information systems.
- Hackers can exploit these weaknesses to gain unauthorised access.
- While vulnerabilities themselves aren’t harmful, they become risky when targeted by hackers, potentially leading to data breaches.
- The Common Vulnerabilities and Exposures (CVE) list periodically publishes information about vulnerabilities, and a Common Vulnerability Scoring System (CVSS) score is assigned to each to assess the potential risk.
- Common sources of vulnerabilities: Cybersecurity vulnerabilities arise from misconfigurations, bugs, weak passwords, and inadequate data encryption practices.
What are the different types of cyber security vulnerabilities?
| Type of Vulnerability | Definition | Prevention |
|---|---|---|
| Misconfigurations | Many security tools require manual configuration, leading to errors and potential vulnerabilities. | Organisations should seek security tools with automation options to minimise human error. |
| Unsecured APIs | APIs (Application Programming Interfaces) with public IP addresses are vulnerable to exploitation by hackers. | IT security teams need training on best security practices, including encryption, to address API-related risks. |
| Outdated/Unpatched Software | Failure to update software with patches can leave systems vulnerable to exploitation. | Organisations should take responsibility for ensuring all systems are up to date. |
| Zero-day Vulnerability | Zero-day vulnerabilities are flaws unknown to organisations until exploited by threat actors. | A disaster recovery plan is essential to identify and mitigate zero-day vulnerabilities. |
| Weak/Stolen User Credentials | Human error, like weak passwords, is a common cause of data breaches. | Enforcing strong password practices, changing passwords frequently, and implementing multi-factor authentication can enhance security. |
| Access Control/Unauthorized Access | Employees often have excessive access, creating a broader attack surface. | Adopting the principle of least privilege (POLP) limits user access to what is necessary. |
Indian Computer Emergency Response Team (CERT-In)