Access Single Most Important Cybersecurity Vulnerability Facing it Mangers Today

Cyber Security Vulnerabilities Single Most Important Cybersecurity Vulnerability Facing IT Managers Today Cyber Security Vulnerabilities Facing IT Managers Today At present, computers link people to their finances through online banking and a number of many online applications that offer access to accounts. In addition, they provide a connection to a broad variety of information, including social media, for instance, Face book, YouTube and Twitter.

Interconnectivity of the systems have made it possible for people to access various information, additionally, businesses have the capacity to leverage the internet as a part of their daily activities (Gotlieb and CDR, 2010). The government also utilizes the networked systems to manage public services. Weakness in a system occurs when a hacker is attempting to gain entry into a system. Many of the vulnerabilities in cyber security occur because of human beings, hardware, software and connection points that offer entree to the systems.

Other studies suggests that a security weakness is a flaw in software that can make it work contrary to how it should work, making it prone and result into successive. This makes the whole system prone to attacks (Gotlieb and CDR, 2010). Therefore, the software, which constitutes most of the instructions designed to make the system work, is a significant vulnerability that could lead to potential exploitation of the system. Weaknesses in the software found in computers are substantial contributors to the cyber security issue.

Additionally, the software development methods have shown the capacity to fail. Therefore, they lack to offer high quality, reliable and secure software that the IT systems need (H;Wang and C;Wang, 2003). It is important to identify that until now, software development is not a science or a discipline, and the development practice does not provide ways of reducing weaknesses exploited by attackers. Insider Access Insider access refers to the privileges that employees have in order to gain entry into an organization's system.

Therefore, when these employees have the entry into an organizations database, especially when such access exceeds the descriptions of their work outline, they might abuse the access for malicious intentions. For instance, a university lecturer whose job outline requires them, only the capacity to alter the student contact information might take advantage of the access and maliciously alter the student's grade on the upgrade software (Erickson and Phillip, 2005).

On the other hand, the organization may give their employee's privileges to access the organization's system and subsequently determine which program or what capacity an employee has towards that system. Therefore, the organization may create a local and administrator account. The former will grant an employee a level entry to an individual system and decide privileges to run programs, install programs, access files, enable or execute services through the software.

The latter will provide the highest level of access that further allows unrestricted access to create, delete, and modify folders and settings on a specific machine. Granting employee's unrestricted privilege through the administrator account comes with much vulnerability (Erickson and Phillip, 2005). This is because the employees have complete access and not restricted at any point. Therefore, they can install, delete or modify files and even manipulate software. In so doing, they make the software vulnerable to attacks.

Although the organizations grant unrestricted access to some employees for valid reasons, this increases the threat of software compromise and inappropriate configurations. Insider threat Although many of cyber security violations come from the external environment, the internal setting may have a hand in software vulnerability. The inside threats begin with individuals found in an organization and may include employees, student interns and contractors. Although not all employees, student interns and contractors have bad intentions towards the said organization, some of them may have varying levels of malicious purposes.

In regards to inside threats, we focus on malicious employees who have the capacity to initiate harm or software destruction (Whitmer, 2007). An example is an employee with IT proficiency and a mindset of hackers, and this individual is very dangerous owing to his expertise. Due to the expertise, this individual may have the capacity to bypass security and software to access vital information concerning the organization with an interest to revenge or get even.

This individual may hold a significant position in such an organization such as a system administrator's rank and has unrestricted access to major software in the organization. This means that the individual is clear and can roam freely through vital computer services and information concerning the organization. The second employee is the disgruntled employee. While the former is hard to identify, a disgruntled employee is easy to recognize. Such an employee is prone to display his behaviors that show sign of a troubled IT ahead (Whitmer, 2007).

As a result, Caution is vital to recognize such an employee before they commit the intended crime.

Some of the signs that such an employee display include; Regular absence from the workplace Alterations in temperament (mostly linked to personal crisis or from the family) Frequent efforts to gain entry into unauthorized systems Recognizable alterations in computer habit or configurations (may start working late nights) Signs of financial constrains An office romance goes sour Voluntary resignation Negative employee performance and satisfaction Although the globe has witnessed technological development to the point that an average employee both from the state and private sectors, the background of sensitivity to cyber security is yet to advance to meet the erudition of accessible technologies.

Nevertheless, the employees may lack simple proficiency or awareness to address issues concerning insider threats; this is because some security vulnerabilities arise from general lack of attention to common standard business activities rather than from a malicious purpose to cause violations (Whitmer, 2007). Many employees are not aware of the risks that may result from accessing an organization's IT resources. They work with such organizations desensitized to the magnitude of risks that may arise with even simple software services.

In addition, such employees may not have a realistic appreciation for the threats to the organization's network may result from random surfing while on a simple software process. On the other hand, employees work in a network-centric setting, which creates the potential that software downloaded to one computer has the capacity to infect several other computers on the same network. Although some organizations may have training and awareness practices, it is probable that these practices are inconsistent. Therefore, the employees may lack appreciation for cyber security vulnerabilities (Erickson and Phillip, 2005).

Such employees may not understand the significance of updating anti-virus regularly. However, for untrained personnel it is not a matter of purposing to damage, but a matter of lacking adequate knowledge about cyber security. These and other insiders may lead to legal liability arising from things like copyright. Vendor Support During the software development phase, it is possible that software is not free from vulnerabilities. Therefore, vendors must focus on reducing the things that may make the software vulnerable.

In addition, vendors who suggest their products are secure must provide evidence through testing. Vendors must illustrate their devotions to software security by putting resources in the right place (Safe Code, 2008). For instance, the vendors should compare their software to others of the same kind on the CVSS. Additionally, owing to the fact that it is necessary for vendors to publish information containing the general factor of CVSS, they should provide statistics concerning their own bugs on a regular basis. Proprietary software refers to software sold under a license.

Software owned by a single company solely controls all elements of its establishment and circulation. Research suggests that these types of software do not work as expected. Although, many organizations dealing in proprietary software have improved based on operational efficiency, they have failed to meet various technical and cultural requirements. Nevertheless, with this software, there is a single source for support, bug fixes, security support and regular upgrades (Evans and Layan-Farrar, 2009). However, proprietary software takes long to fix meaning that it is a primary source of vulnerability.

This is because many of the organizations dealing in this software do it to make as much money as possible, meaning they can deliberately produce low quality software for selfish gain. Attacks Denial of Service attacks is serious and has irreversible risk to users, organizations and other internet resources. The objective of such attacks is to prevent entry to specific resources such as the web server. Although there are several defenses against these attacks, they are not dependable. Attackers achieve the attacks either through flooding or logic attack.

While flooding DoS attack occurs through brute force, logic attack occurs through intelligent manipulation of vulnerabilities in the target system, such as an IP datagram that may result to a system crash because of a serious flaw in the operating system software (Chang, 2002). The availability of automatic software tools is a major reason why attackers opt for DoS attacks. Another reason is that it is not possible to locate DoS attackers without far-reaching human relations. On the other hand, DDoS (Distributed Denial of Service) attacks are subsets of DoS attacks.

DDoS is an approach used to attack a victim from several undermined systems. The former are central to similar mechanisms as those of DoS attacks (Chang, 2002). However, for an attacker to accomplish an attack, they will need to execute DDoS software on many vulnerable computer systems. In DDoS attacks, the attacker will use numerous sources hosts to launch attack traffic to the target systems. Previously, DDoS attack software was deployed manually, but currently worms serve the purpose. In addition, DDoS attacks rely on three parties: an offender, helpers and victims.

In this case, the offender refers to the individual who plans the attack, and helpers refer to systems, which the offender has undermined to initiate attack against a victim (target). The offender commands the helpers to attack the victim's host at the opportune moment. Owing to these, such an attack is often a coordinated attack (Chang, 2002). DoS and DDoS attacks happen because of using vulnerable software on the systems and servers.

Therefore, attackers use known software vulnerability and security loops to undermine the servers in various networks either by executing viruses and Trojan horses to launch attacks. The social platform is a significant vulnerability because many attackers may provide personal information about a person unintentionally. In addition, it is not advisable to publish content on Face book, Twitter and other social platforms because attackers may use this information to attack.

The provision of automatic cross posting to other social media is dangerous because a person can intentionally share sensitive information, which people with bad intentions may use to execute an attack. When a person is using a public system, they should make sure they delete their passwords because some systems have software that can remember the password, which the attacker may later use for selfish gains. Social engineering is the violation of an organization's security by manipulating employees into disclosing confidential information.

This practice uses psychological tactics to increase trust, rather than utilizing technical cracking methods. Social engineering consist of scams such as acquiring password through pretence, leveraging social media to verify new employees more easily tricked into giving customer information, and any other effort to contravene security by using trust (Dimensional Research, 2008). In addition, it is possible for the inside threats to give out passwords in order to gain revenge. However, attackers who use social engineering do it for financial gains.

Social engineering attacks are very costly because the practice may lead to business disruptions, customer outlays, loss of revenue, system crash and software violations. Regulation and Governance Cyber security has become one of the primary concerns in today's digitized world because vital decisions made are central on information stored, and evaluated by software systems.