Cyber Vulnerabilities and Threats facing the Internet Technology
Name
Institution
Cyber Vulnerabilities And Threats Facing The Internet Technology
Introduction
In PC security, defenselessness is a shortcoming which can be misused by an outsider, to perform unapproved activities inside a PC framework. To misuse shortcoming, an attacker must have in any event one proper gadget or method that can associate with a framework shortcoming
In the recent past, extremely rapid development has been witnessed in the information technology sector. As more businesses and organizations continue to rely on the internet and IT systems, the threats they face continue to grow more complex and varied. While it has been assumed for a long time that risks are mostly technical, it is becoming more apparent that these threats go beyond just the technical aspects of IT, like software and hardware. For instance, Safianu, Twum, and Hayfron-Acquah (2016 p.145) have explored the role of employee or humans and their activities in causing these threats.
Vulnerabilities are the weaknesses in a system that can be exploited by attackers, often leading to a severe impact (Jouini, Rabai & Aissa, 2014 p.337). These vulnerabilities often lead to the occurrence of a threat, mainly when a threat agent uses a penetration mechanism to bring about unpleasant effects in a system. To effectively mitigate the risks to internet technology, vulnerabilities, and threats must be known. Therefore, an in-depth discussion of the dangers and their potential impacts is necessary. This essay will do just that while focusing on the various types of threats accruing from different areas such as hardware, software, stored data, and human activities.
Human Threats and Vulnerabilities
Research reveals that despite the several attempts that have been made to mitigate threats to IT systems, especially in the form of software- and hardware-oriented solutions, attacks continue to occur unabated. This gap continues to exist because organizations often fail to address the human role in the emergence of system vulnerabilities. The fact is that information security is not solely a technical problem. Human factor vulnerabilities are major acts committed without malicious intent by the system user but often leads to a leeway that can be exploited by malicious or unauthorized persons. Safianu, Twum, and Hayfron-Acquah (2014 p.453) performed an experiment that involved assessing the number of people that would click on links from unverified senders. They found out that 49.52% of their participants readily followed a link that asked them to download updates for their respective devices. Consequently, 42.85% followed a link from unverified websites that requested them to change their credentials (Safianu, Twum & Hayfron-Acquah, 2016 p.113).
Sending unverified links to unsuspecting users is one of the ways through which online attackers use to exploit the human factor in systems. Phishing attacks and social engineering methods of attack take advantage of this vulnerability the most. Therefore, going by the research mentioned above, nearly half of employees in organizations might expose their company system to attacks by clicking on links from unauthorized websites.
Another human-induced vulnerability is the use of weak passwords as well as the use of inappropriate login and logout procedures (Safianu, Twum & Hayfron-Acquah, 2016). Very few people using systems in organizations change their passwords unless prompted by the system to do so. This is dangerous in the sense that attackers who use key logging, among other various means, can easily capture the user’s password. Regarding the issue of password strength, research shows that a significant number of people have straightforward passwords (Safianu, Twum & Hayfron-Acquah, 2016). Consequently, others use the same password across various platforms, which they sometimes share with their friends. Such acts are prone to leave the systems exposed to cyber-attacks.
One thing to note is that for any attack to take place in a system, a certain degree of social engineering will have taken place that reveals a small piece of the puzzle. A person may have dropped their security key somewhere, one may have misplaced a credit card or ID with sensitive credentials or a security card may have left a person without proper clearance into a server room. All these situations contribute to the occurrence of vulnerability in a system.
Hardware Vulnerabilities and Threats
It has been discovered that most of the hardware vulnerabilities are often software-based. One of the main factors that contributed to the hardware vulnerabilities is the use of old hardware such as PCs, laptops, and notebooks. The older hardware used by organizations lacked built-in security features such as Unified Extensible Firmware Interface, Secure boot protocols, intuitive BIOS with self-healing capabilities, pre-boot authentication, and self-encrypting drives. With the current fast-paced evolution of computer threats, lack of such basic yet fundamental groundwork for computer protection leaves the system extremely vulnerable to even the simplest of attacks.
Features such as the secure boot, which now come standard in Windows 8 and later versions, blocks the infiltration of malware into the system during the booting process.
The pre-boot authentication, often replaced with a Trusted Platform Module (TPM), is yet another form of protection that the newer hardware brings with them (Smith & Zimmer, 2012). These play a crucial role in protecting the computer during the boot process right before the operating system, and its resources are booted. Old hardware that is still present in some of the business and organization systems lacks these devices and therefore faces critical hardware vulnerabilities. Besides that, old routers, particularly those that are distributed to customers by ISPs, contain fatal flaws that can be exploited by attackers remotely. An example of such defects is the directory traversal that occurs in the web pros.cgi and can be used to access crucial configuration data from the network (Szewczyk & Macdonald, 2017). Research reveals that by using the directory traversal vulnerability in old routers, attackers can access a file containing password hashes, client-server credentials for remote management procedures, and even the password of the configured Wi-Fi (Szewczyk & Macdonald, 2017). Therefore, it cannot be stressed any further the importance of addressing hardware vulnerabilities in systems.
Software Vulnerabilities
Software vulnerabilities are flaws, weaknesses, or errors in a system that a malicious person can exploit to affect how the system behaves (Jimenez, Mammer & Cavalli, 2009). One of the principal vulnerabilities associated with the software includes unpatched servers and software. Legacy software is often prone to attacks such as the Remote Desktop Protocol and distributed denial-of-service attacks. So how does this happen? Attackers come up with viruses every day that target software vulnerabilities in the system. Such viruses may target shortcomings in the software’s code, which the programmers may have failed to address (Jimenez, Mammer & Cavalli, 2009 p.143). On the other hand, software manufactures patch up the exploits in their software to withstand the attacks better. However, most organizations, as research reveals, fail to get the software patches and are running the legacy software (Jimenez, Mammer & Cavalli, 2009 p.150). This leaves them vulnerable to soft-ware oriented attacks.
Another source of vulnerabilities in software has emerged from the method of input used by the system. Depending on the number of users of the system, most software often fails to process inputs correctly before handing them over to the system for further manipulation and processing. In that regard, exploits occur in different forms, including buffer overflow, cross-site scripting, and SQL injection. A buffer overflow occurs when the amount of input written is larger than the bandwidth that the system can typically accept (Jimenez, Mammer & Cavalli, 2009). This results in some data being written beyond the boundaries of the defined bandwidth, which may cause the system to be coarse and lose valuable data. Cross-site scripting, commonly known as XSS, is yet another vulnerability that involves the insertion of code into pages being requested by other users (Jimenez, Mammer & Cavalli, 2009 p.165). The attacker then uses phishing techniques to steal the user’s identity and even leave the connections exposed to the entire internet.
`Finally, SQL injection, a rather common form of threat, involves inserting code aimed at collecting data in web-based databases. This usually occurs when the input method is not screened or handled the correct way. There are all these different vulnerabilities and threats. Organizations must invest in software patches and updates alongside their regular security programs for better results. They also have a role in training their employees on best practices for maintaining system security. Finally, an upgrade to the latest hardware will provide a basis for the implementation of tougher security software and programs.
Mitigation measures
In the occasion a digital assault gets through your barriers, you should have an arrangement set up to assistance lessen reaction time and impromptu expenses, yet additionally to secure your notoriety. The best moderation methodologies for digital assaults are methodical. Along these lines, a cyber-security episode reaction plan has gotten fundamental for the present private companies. In the event that one speculates an assault reaction plan ought to incorporate the execution of mechanized security instruments to screen and identify malevolent movement. At the point when the achievement of digital assault remediation and alleviation is estimated dependent on how rapidly you can recognize an assault, it’s smarter to depend on computerization.
Conclusion
Internet and IT threats they continue to grow more complex and varied as people and organizations increase their usage. Despite the several attempts that have been made to mitigate threats to IT systems, especially in the form of software- and hardware-oriented solutions, attacks continue to occur with an alarming rate. Most of the hardware vulnerabilities are often software-based. One of the main factors that contributed to the hardware vulnerabilities is the use of old hardware such as PCs, laptops, and notebooks.In case one suspects a threat,they should act quickly to expel the threat by contacting an expert who can uncover the inconsistencies within the network.
References
Jimenez, W., Mammar, A., & Cavalli, A. (2009). Software vulnerabilities, prevention and detection methods: A review1. Security in Model-Driven Architecture, 6. Retrieved from file:///C:/Users/user/Downloads/Software_Vulnerabilities_Prevention_and_Detection_.pdf
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496. Retrieved from file:///C:/Users/user/Downloads/Classification_of_Security_Threats_in_Information_.pdf
Safianu, O., Twum, F., & Hayfron-Acquah, J. B. (2016). Information System Security Threats and Vulnerabilities: Evaluating the Human Factor in Data Protection. International Journal of Computer Applications, 975, 8887. Retrieved from https://pdfs.semanticscholar.org/1194/c2ae430161b1be32687ea3a86249742da894.pdf
Smith, N., & Zimmer, V. J. (2012). U.S. Patent No. 8,201,239. Washington, DC: U.S. Patent and Trademark Office. Retrieved from https://www.uspto.gov/sites/default/files/documents/fy18pbr.pdf
Szewczyk, P., & Macdonald, R. (2017). Broadband router security: History, challenges and future implications. Retrieved from https://commons.erau.edu/cgi/viewcontent.cgi?article=1444&context=jdfsl
