Despite the fact that there are countless types of cyber security vulnerabilities, the 2020 Verizon Data Breach Investigations Report (DBIR) found that a relatively small percentage of them are used in the majority of breaches.
That said, it's imperative that organizations understand this doesn't mean attackers aren't ready to exploit your vulnerabilities in any way they can, or that the threat is minimized. Using unpatched devices and applications is a recipe for disaster.
As vulnerabilities grow and the threat landscape widens thanks to increasingly-complex IT infrastructures, the ability to recognize how and where your organization may be vulnerable is essential to maintaining a healthy security posture.
A critical step in this process is understanding the common types of cyber security vulnerabilities and how to mitigate the risk.
Phishing and ransomware
Because of their high profile, phishing attacks and ransomware are the most commonly known vulnerabilities; Verizon's DBIR lists them as the top breach threat type.
With this threat, attackers send messages (email, social media or other messaging apps) that appear legitimate but contain links or malicious attachments. The attacker's goal is to get employees to click on the fake link or attachment and either provide login credentials to sensitive information or execute harmful code.
- Impact: Successful phishing campaigns can lead to compromised systems, accounts or web sessions. The damage can be financial losses, lost or compromised data, lack of access to data or erosion of customer loyalty. Successful ransomware campaigns can lock an entire company out its systems and lead to millions of dollars in ransom payments.
- Mitigation: Promoting a corporate culture that prioritizes security awareness can have a tremendously positive impact. Using software that regularly tests your employees with phishing and ransomware emails is highly recommended. Having a plan to respond to and recover from such attacks is also highly advisable.
Another known type of cyber security vulnerabilities are unpatched software that opens the door for attackers to exploit known security bugs on your systems that lack the proper patch. Adversaries typically perform probes on your network to detect unpatched systems so they can launch an attack.
- Impact: If your unpatched systems are compromised, it may mean data loss or destruction, disclosure to unauthorized parties and loss of access to data. In extreme cases, unpatched systems can provide complete takeover access to the attacker.
- Mitigation: Addressing unpatched software is simple in theory: Patch your systems. But you'll need proper patch management to ensure patches are deployed timely and effectively.
While misconfiguration may not immediately come to mind as one of the more frequent types of cyber vulnerability, Verizon's DBIR reports show they are just as common as social breaches and even more common than malware. Plus, they're shared across all industries. When systems run unnecessary services, provide too much access or are made vulnerable with settings like unchanged defaults, the risk of an attacker breaching your network increases.
- Impact: Attackers have many tools available to probe your vulnerable systems. If systems are compromised, attacks can be launched directly or indirectly. The more human errors present on your networks, the more access an attacker can have to your data.
- Mitigation: Proper patch management comes into play again here, as does robust security awareness and hiring IT staff with strong experience.
Weak passwords, compromised credentials and poor encryption
We all have too many passwords to remember. But until the day when other authentication methods, like password managers biometrics, entirely replace them, passwords in your organization cannot be weak. As computers get faster and hackers get smarter, the complexity of our passwords must adapt.
Attackers can also leverage compromised credentials to gain unauthorized access to your systems. Unencrypted or incorrectly encrypted communication between systems may be intercepted and exploited across different systems.
- Impact: Attackers may use different techniques to guess your weak passwords, such as brute force (trying unlimited combinations) or dictionary (trying preconfigured words and phrases) attacks, which can give them access to your systems or network.
- Mitigation: The best way to address this critical vulnerability is the enforcement of strong passwords and password management. Passwords should be more like passphrases and contain more than eight characters. Providing software to manage passwords (with a robust master password) is beneficial. Use multi-factor authentication and encryption whenever possible.
Your company uses a myriad of applications every day. But many of those applications contain cyber security vulnerabilities of which you may not be aware. An application vulnerability is a flaw or weakness somewhere in the application that may affect its security. Often, it is the result of insecure code.
- Impact: By exploiting an app's vulnerability, an attacker can compromise the confidentiality, integrity or availability of the app's resources.
- Mitigation: Should the application become unavailable, load balancing and traffic steering can mitigate the risk. Web application firewalls can help prevent malicious attacks or minimize the impact.
The malicious insider
Anyone with access to your confidential, sensitive or critical data could potentially exploit that access. A malicious insider could be an employee, vendor or third party. Disgruntled, compromised or recently terminated employees are the most likely offenders.
- Impact: Anyone with access to your critical systems could potentially steal, destroy or tamper with data, applications or services. This is especially true for privileged users and critical systems.
- Mitigation: Provide access to data and systems only to those who require it, and apply the principle of least privilege. Adopt the zero-trust model whenever possible. When offboarding employees, revoke access as soon as possible.