This paper examines risk management strategies for the top cybersecurity threats, categorizing risks into two main areas: client-side application flaws and website vulnerabilities. It discusses how attackers exploit popular software applications through email attachments and malicious documents, and recommends mitigation strategies such as regular patching, antivirus programs, and intrusion detection systems. The paper also analyzes website-specific threats — including SQL injection, cross-site scripting, and PHP remote file attacks — explaining how each works and how developers can defend against them. The conclusion notes the interconnected nature of both threat categories and emphasizes the shared responsibility of software makers, web developers, and end users in maintaining cybersecurity.
Risk management is the process of identifying, assessing, and prioritizing risks. After risks are identified, the next step is to use available resources to reduce, monitor, and control the likelihood of those risks occurring again. Cybersecurity risks can be categorized into two main types: website vulnerabilities and client-side application flaws. In risk management, high-impact risks with a high probability of occurring should be addressed first, while risks with low impact and low probability should be addressed last.
The applications installed on a person's computer may contain certain vulnerabilities that can be exploited by attackers. Attackers typically target popular applications such as Microsoft Word, Adobe Reader, Flash Player, and Apple QuickTime. These applications have serious security flaws and need to be patched regularly to ensure those flaws are corrected. Some software applications have security flaws for which manufacturers never release patches, leaving their users vulnerable to attacks (Hansen & Nissenbaum, 2009).
Many people fall victim to application attacks because even major companies take too long to release patches to fix known problems. Attackers commonly send emails requiring recipients to open file attachments, and in doing so the recipient's computer becomes infected. Another method attackers use is placing malicious documents on popular websites. These documents contain embedded code targeted at vulnerable applications.
To counter this risk, computer users should ensure their applications are fully patched whenever a security flaw has been reported, and should update their software on a regular basis. Users should avoid clicking on links they are uncertain about, and should not download documents from emails or websites before scanning them. Computers should have the latest antivirus, antispyware, antimalware, and intrusion detection programs installed to protect against attacks on computer applications. It is also advisable to use programs that can detect and remove keylogger applications that might be installed without the user's knowledge. Software makers should ensure that once a security vulnerability is discovered, they promptly release a security patch to update the application and fix the vulnerability.
There is a category of threats referred to as zero-day vulnerabilities. These vulnerabilities occur when a flaw in an application is discovered before a security patch is available. Attackers release code that exploits the vulnerability until a fix is issued or users find ways to mitigate the flaw.
For organizational computers, it is recommended that the organization conduct its own application vulnerability assessment. This assessment will help the organization anticipate and counter threats it may face. In addition to this assessment, organizations should have antivirus software, strong firewalls, antimalware, intrusion prevention systems, and antispyware programs installed on all organizational computers (Anandarajan, 2002). These programs will prevent attacks from occurring.
"SQL injection, cross-site scripting, and PHP attacks"
Website vulnerabilities and client-side application flaws can be considered together. A majority of the attacks that affect client-side applications originate from websites, when a visitor downloads a document or file containing malicious code. Additionally, a majority of website attacks are ultimately aimed at site visitors — either to attack their computers directly or to access their sensitive data stored on a website's server. It is therefore essential that website developers ensure their websites are secure and cannot be exploited as vectors for attack.
You’re 47% through this paper. Sign up to read the remaining 1 section.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.