Is Your Business Protected From These 8 Common Types of Cybersecurity Vulnerabilities?

One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. Your organization needs to stay on top of the latest risks and cybersecurity vulnerabilities to prevent an incident, such as a data breach, from occurring.

In order to know how to protect against cybersecurity risks, it is important to understand what is meant by a vulnerability and what some common types of vulnerabilities are.

What is a vulnerability?

A vulnerability is a system susceptibility or flaw. An exploitable vulnerability is one for which at least one working attack or “exploit” exists. Although cybersecurity is in the news a lot nowadays, the concept has been around since computers were first linked together in the 1960s.

Do you know these common cybersecurity vulnerabilities?

1. Backdoors

A backdoor in a computer system is any secret method of bypassing normal authentication or security controls. They may exist for any number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons.

2. Denial-of-service attack

This is a common attack in today’s environment. Denial-of-service (DoS) attacks are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service by overloading the capacity of a machine or network, blocking all users at once. While an attack from a single IP address can be blocked by adding a new firewall rule, many forms of distributed denial-of-service (DDoS) attack are possible, where the traffic comes from many points at once, and defending against them is much more difficult.
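The single-source case above is the one a log review can catch early. The following is an added example, not code from the original post: it scans constructed web-server log lines and reports any client address whose request rate inside a sliding window meets a threshold. The log format, window and threshold are assumptions for the example.

```javascript
// Added example (not from the original post): finds a single source address that is
// flooding a web server, the case the text says a new firewall rule can block.
// Log lines are constructed for this example; the window and threshold are assumptions.

// Constructed log format (assumed): "<ISO-8601 time> <client IP> <method> <path> <status>"
function parseLine(line) {
  const [time, ip] = line.trim().split(/\s+/);
  const t = Date.parse(time);
  return Number.isNaN(t) || !ip ? null : { t, ip };
}

// Largest number of requests from one client that fall inside any windowMs span.
// times must be sorted ascending; two-pointer sliding window, O(n).
function maxRequestsInWindow(times, windowMs) {
  let best = 0, start = 0;
  for (let end = 0; end < times.length; end++) {
    while (times[end] - times[start] > windowMs) start++;
    best = Math.max(best, end - start + 1);
  }
  return best;
}

// Returns [{ ip, peak }] for every client whose peak rate meets the threshold.
function floodSources(lines, windowSec, threshold) {
  const byIp = new Map();
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec) continue;                      // skip malformed lines rather than crash
    if (!byIp.has(rec.ip)) byIp.set(rec.ip, []);
    byIp.get(rec.ip).push(rec.t);
  }
  const flagged = [];
  for (const [ip, times] of byIp) {
    times.sort((a, b) => a - b);
    const peak = maxRequestsInWindow(times, windowSec * 1000);
    if (peak >= threshold) flagged.push({ ip, peak });
  }
  return flagged;
}

// Constructed sample: 203.0.113.7 sends 8 requests within 8 seconds; 198.51.100.20 is a normal client.
const SAMPLE_LOG = [
  '2024-03-01T12:00:00Z 198.51.100.20 GET / 200',
  ...Array.from({ length: 8 }, (_, i) => `2024-03-01T12:00:0${i}Z 203.0.113.7 GET /login 200`),
  '2024-03-01T12:00:30Z 198.51.100.20 GET /about 200',
  '2024-03-01T12:01:00Z 198.51.100.20 GET /contact 200',
  'garbage line with no timestamp',
];
```

Before turning a flagged address into a block rule, confirm it is not a shared NAT gateway, proxy or monitoring system, since blocking those cuts off legitimate users too.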

3. Ransomware

Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware merely locks the system in a way that a knowledgeable person can reverse without much difficulty, more advanced malware uses a technique called cryptoviral extortion: it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and the attack itself is difficult to trace. Ransoms are demanded in Bitcoin and other cryptocurrencies, which makes tracing and prosecuting the perpetrators difficult.

4. Spoofing

This vulnerability is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Examples of spoofing include:

  • CEO request for copies of all W-2s
  • CEO request for wire transfers out of the country
  • Vendor request for change of remittance address
  • Request by prospective donor or vendor (including CPAs) to review attached tax or account information

5. Privilege escalation

This is a situation where an attacker with some level of restricted access can, without authorization, elevate their privileges or access level. For example, a standard computer user may be able to fool the system into giving them access to restricted data or even to “become root” and have full unrestricted access to a system.

6. Social Engineering

This attack aims to convince a user to disclose secrets such as passwords, card numbers, or other personal information by impersonating a company or person, such as a bank, a contractor, a customer, or an IT support person.

7. Phishing

This is an attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. It can also be considered a form of social engineering. Phishing is also expanding to voice calls and text messages.

8. Clickjacking

This is a technique used to hijack keystrokes. By carefully combining stylesheets, iframes, buttons, and text boxes, an attacker can lead a user to believe they are typing a password or other information into an authentic web page, while the input is actually being channeled into an invisible frame controlled by the attacker.
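The invisible frame only works if the target page lets other sites embed it, so the standard defence is to send anti-framing headers. The following is an added example, not code from the original post: it evaluates a response's `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` headers and reports whether a given embedder origin could frame the page, applying the rule that `frame-ancestors` overrides `X-Frame-Options` when both are present. It is simplified (an assumption of this example): ports are ignored when matching host sources.

```javascript
// Added example (not from the original post): would these response headers let the
// given embedder origin put this page in an <iframe>? Ports are ignored (assumption).
function parseFrameAncestors(csp) {
  if (!csp) return null;                       // no CSP header at all
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;                                 // CSP present but no frame-ancestors
}

function hostSourceMatches(source, embedder) {
  const { protocol, hostname } = new URL(embedder);
  let scheme = null, host = source;
  const m = source.match(/^([a-z][a-z0-9+.-]*):\/\/(.*)$/);
  if (m) { scheme = m[1] + ':'; host = m[2]; }
  host = host.replace(/\/.*$/, '').replace(/:\d+$/, '');   // drop path and port
  if (scheme && scheme !== protocol) return false;
  if (host.startsWith('*.')) {
    return hostname.endsWith(host.slice(1)) && hostname !== host.slice(2);
  }
  return hostname === host;
}

function sourceMatches(source, embedder, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder === self;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return embedder.startsWith(s); // scheme-source
  return hostSourceMatches(s, embedder);
}

// headers: plain object of response headers; origins look like "https://bank.example".
function framingAllowed(headers, embedderOrigin, selfOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const ancestors = parseFrameAncestors(h['content-security-policy']);
  if (ancestors) {
    // frame-ancestors takes precedence over X-Frame-Options when both are present
    return ancestors.some((src) => sourceMatches(src, embedderOrigin, selfOrigin));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedderOrigin === selfOrigin;
  return true;                                 // no anti-framing header: any site may frame it
}

// Headers to send on pages that must never be embedded (constructed values).
const HARDENED_HEADERS = { 'Content-Security-Policy': "frame-ancestors 'none'", 'X-Frame-Options': 'DENY' };
```

Run it against the headers your login and payment pages actually return; a result of `true` for an arbitrary outside origin means the page is frameable and needs one of the hardened headers.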

How can you prevent a cyber attack on your business?

Make sure your business isn’t the next news headline about another cyber attack. It’s important to evaluate your cybersecurity program and conduct a risk assessment. This includes:

  1. Understanding what systems and data exist within the organization
  2. Selecting a risk framework to use for the risk analysis
  3. Developing complementary policies and processes to help manage the cybersecurity risk

Buchbinder Information Technology Solutions (BITS) is designed to do just that. BITS helps clients assess inherent and residual cybersecurity risks to their organizations. Contact us today to discuss your specific situation.