Vulnerabilities to Data
There are three main types of vulnerabilities to data ...
In this tutorial, you will take a look at each of these vulnerabilities.
There has been an increased use in computer systems. Environmental Vulnerabilities can affect ...
- Computer systems
Environmental vulnerabilities can be caused by natural disasters. These could include earthquakes, tsunamis/flooding and lightning strikes.
Natural Disasters can affect power which means means that the computer systems are unable to be used. Data and information stored on them will be inaccessible.
This will also affect internet access including access to the cloud.
Computer systems, equipment and cabling may be destroyed and the buildings they are stored in could be damaged. This could be caused by a tsunami or flood or earthquake tremors (which can damage storage devices making the data unreadable).
Lightning strikes can cause a surge or spike in power. The surge can affect how storage devices and computer systems operate.
Physical Vulnerabilities relate to the physical computer and storage devices. The most common vulnerability is theft which can be intentional or accidental.
Intentional Theft occurs when a break-in happens and the devices are stolen. Accidental theft can occur when an authorised user loses a device. The device is then found by someone else and may be returned or the contents can be used for illegal activity such as identity theft.
System Vulnerabilities relate to the running of the devices and computer system. These vulnerabilities include insecure software applications, weak passwords and insecure internet connectivity devices.
Insecure Software applications could be ones that have not been updated. Many software companies release patched and updated to close any vulnerabilities which might have been identified by the software vendors or the users of the software.
Patches and Updates can be installed automatically. When software is closing checks are made for any patches and updates. If patches are found these are installed automatically before the software is closed as normal (think about when Windows wants to install updates and restart).
Some software updates in real time. This means that updates are constantly checked for when a device is connected to the internet. This can be done automatically and the user does not have to remember to check.
The problem with manual updates is that the user can forget to install them. There could be a time delay between the update being released and it being downloaded by the user. If the updates are manually scheduled the computer system may be switched off.
If updates are not installed this increases the risk of a vulnerability and an attack.
Passwords should be strong. This means they follow these rules ...
- At least 8 characters—the more characters, the better
- A mixture of both uppercase and lowercase letters
- A mixture of letters and numbers
- at least one special character, e.g., ! @ # ? ] Note: do not use < or > in your password, as both can cause problems in Web browsers.
Weak passwords are ones that can easily be guessed by a cyber criminal. Examples of weak passwords could include children’s names, pet names and your house number.
Insecure Online Devices may not need a password to join a network. This can increase the vulnerability of the device and increases the risk of any device connected to the Wi-Fi network being accessed – or hacked.
The greatest vulnerability of any device or software is the User. All users need to be aware of vulnerabilities so they do not cause any issues. User security issues could compromise the security of the computer itself or the data and information stored on the device.
Social Engineering can be used to persuade users to part with information such as passwords, user names and other security information.
Vulnerability Testing can be carried out when a computer system is running and will test for any vulnerabilities in the system or the data. Steps can then be taken to close these before the system is attacked.
Print out this Page
Impact of Cyber Security Attacks