Nature Of Security Flaws

 

A threat refers to the potential to harm an organization's software or hardware components. This is just a general definition of threats in terms of IT security. We are looking at things that could harm our web application and destroy our data, or gain unauthorized access to our data and misuse that data, or damage our hardware components and we lose our data.

 

The overall concern is on data, businesses need to do a thorough inspection for possible threats to their organization. Perhaps this could be added to their S.W.O.T analysis because depending on the nature of industry businesses rely on the data they share across different platforms using websites, web applications, and IoT devices for them to thrive.

 

Some of the threats businesses face today include the following but not limited to,

 

 

These include incidences such as a Server Operating System crashing or an electrical fault in the server room that destroys the server itself. These are some of the threats which may occur without being calculated and businesses need to plan ahead of these occurrences.

 

It is a common business practice to always back up your data locally and to a remote location such that when some mishap occurs to the original server remote backups can always be restored and no data is lost at all.

 

 

Through the need of sharing data, employees may use storage devices such as external HDD or flash drives which may contain viruses. Worms and viruses are considered a threat because they could cause harm to your organization through exposure to an automated attack. In some cases, employees may want to install or download some online software for use in the office and they land on untrusted downloads which may contain malware from attackers. This malware may contain botnet commands that will harm the entire organization’s networked computers and may result in loss of data or some malicious activities to organizational data.

 

Organizations may make sure that all storage devices are scanned for malware and make sure that employees only make use of trusted devices. Furthermore, the organization must make sure that employee’s software requirements are pre-installed such that no personal downloads may be necessary. It is also good practice to ensure that a trusted Anti-Virus/ anti-Spyware software be installed on all organization machines such that the exposure to attacks is minimal or completely taken care of.

 

Data Breach 

 

A data breach refers to data exposed to the wrong hands. This may happen intentionally or unintentionally from insiders to outsiders.

 

Organizations should always make sure that they give their employees enough training in terms of handling data and tips on what to look out for in terms of forms of attacks that exist such that data is handled by personnel that is aware of the existing threats surrounding them.

 

 

Largely, this threat may involve some of the threats listed above. In present-day businesses, hacking happens to be the greatest threat of all. IT security is mainly about keeping data safe from attackers who intentionally write sophisticated programs, commands, or SQL statements to intentionally gain unauthorized access to targeted applications thereby destroying or manipulating business data.

 

There is a lot of ways attackers use to penetrate organizations' data which include SQL Injection, Command Injection, Code Injection, DDoS, and many more. Hackers normally look for vulnerabilities in an application or website and once they realize any, they make use of these loopholes to penetrate the organization's information thereby causing harm. Normally this threat points to how the source code of the application or website is written and hackers take advantage of any vulnerabilities to manipulate the organization and cause harm.

 

 

These are weaknesses on an application or hardware device which may be used as a gateway to cause harm. Vulnerabilities are mapped to a threat and if not revised or dealt with they may become a risk. Some vulnerabilities including but not limited to:

• No anti-virus software
• Untrained personnel handling sensitive data
• Insecure coding practices
• The insecure connection between organizational elements
• Substandard backup and recovery
• Poor network monitoring

All vulnerabilities may cause disrepute to the organization if not carefully mitigated. So businesses need to look at their threats carefully and after that scan, their applications for vulnerabilities as well as perform a vulnerability survey at all levels such that they ensure security is at its best levels.

 

Vulnerabilities are exploited depending on the nature of the vulnerability and motives of the attacker. The organization must test their applications and networks for any known vulnerabilities before exposing them for use as this could result in great loss or damage.

 

 

This is a combination of a potential threat and an existing vulnerability. For example, if you consider an organization's application that is to be used on the public internet before it is deployed the organization should put into account that there is an existing threat on the internet which is hackers. If the organization goes on to develop the application using poor coding practices, this maps to a usable vulnerability to hackers. Once deployed without any mitigations this web application can be said to be at risk of being attacked by hackers. Therefore the risk is a summation of underlying threats and vulnerabilities which may cause damage to businesses. Examples of risk include financial losses, loss of privacy, reputational damage, or legal implications. Reduce your potential for risk by creating and implementing a risk management plan.

 

When it comes to designing and implementing a risk assessment framework, it is critical to prioritize the most important breaches that need to be addressed. Although frequency may differ in each organization, this level of assessment must be done on a regular, recurring basis.

 

As mentioned before IT security is mainly concerned with data protection, hence there is a need for businesses to perform a risk analysis before deploying their systems to public networks or the public internet. They could also make use of the OWASP risk assessment checklist to view the amount of risk their business is exposed to.