This essay has been submitted by a student. This is not an example of the work written by professional essay writers.
Uncategorized

Vulnerabilities, Threats, and Exploits

Admin 04 Jul 2020

Pssst… we can write an original essay just for you.

Any subject. Any type of essay. We’ll even meet a 3-hour deadline.

GET YOUR PRICE

writers online

Vulnerabilities, Threats, and Exploits

Advancement in technology has increased vulnerabilities, threats, and exploits in business in both small businesses and Fortune 500 companies. Assets in information systems including property, people, and information among other intangible assets such as software, proprietary information are susceptible to threats and exploits. According to Panse & Panse (2013), assets are the things that are being protected from threats, exploits, and vulnerabilities. Threats refer to anything with the ability to exploit a vulnerability accidentally or intentionally in order to obtain an asset, destroy, or damage it. In other words, threats are the things that one is trying their assets against. Vulnerability is a gap or weakness in the security program that is capable of getting exploited by different threats in order to acquire unauthorized access to a particular asset. Risks in information systems often result when a threat exploits a vulnerability successfully; it is the intersection of threats, assets, and vulnerabilities that results in risks in the system which affects user confidentiality, reliability, and usability.

Vulnerabilities, Threats, and Exploits

Increasing insecurity in information systems has necessitated organizations to understand the existent relationship between threats, vulnerabilities, exploits, and resultant risks.

Threats

Threats are incidents or events with the potential to harm a particular system or the functioning of assets. Threats can be classified as natural such as hurricanes, floods, or tornadoes or can be intentional threats such as malware, spyware, adware companies (Amarasinghe, Wijesinghe,  Nirmana, Jayakody, & Priyankara (2019). Threats can also be classified under unintentional threats such as the occurrence of human error when an employee accesses the wrong information such as viruses mistakenly. Although these threats are influential in the loss of information and crucial data in information systems, Brauch (2010) explains that intentional worms such as viruses and worms are most common in technological assets and devices. These threats have greater repercussions owing to the fact that they cause exposure to automated attacks owing to innovative tactics of cybercriminals who invent creative mechanisms to compromise data.

Threats in information security can also include identity theft, software attacks, intellectual property, sabotage, and extortion of information. It is anything with the ability to take advantage of an existing vulnerability such as to breach security or cause harm to assets of interest. Threats in information systems can result from software attacks which refer to attacks by worms, Trojan horses, virus, or malware that can be divided into infection methods and malware actions (Suresh & Suresh, 2020). The main purpose of infection methods malware is to conceal themselves in software and appear authentic in order to manipulate the software when other operations are being executed (Brauch, 2010). Such inflection purpose malware includes viruses, Trojans, worms, and bots, among others. Malware that executes actions including adware, spyware, rootkits, scareware, and zombies, among others.

Vulnerabilities

One of the most common terms used for vulnerabilities is a “bug.” However, although most “bugs” are not inherently harmful, many of them can be utilized by nefarious actors such that they act as vulnerabilities. A security vulnerability is a flaw, weakness, or error that exists in the security system that can be leveraged by a particular threat age such as to compromise the security of a network system (Suresh & Suresh, 2020). Vulnerabilities are those that are leveraged such as to force the software to behave in a manner that is not intended such as acquiring information on security defenses. Bugs that have been determined as a vulnerability get registered as a common vulnerability after which it is assigned a Common Vulnerability Scoring System (CVSS) to showcase the potential risk that the vulnerability can introduce to the organization. Penetration testing should be undertaken to determine the weakness and fix the problems to avoid the consequences of exploitation. Examples of vulnerabilities include SQL injection, broken authentication, cross-site scripting, and security misconfiguration.

Broken Authentication: This situation often results when authentication credentials get compromised such as user identities and sessions can get appropriated by malicious individuals who pose as the original user.

SQL Injection: This vulnerability is considered amongst the most common vulnerabilities in that it attempts to access database content through malicious code injections. Successful injection enables attackers to spoof identities, steal sensitive data, and participate in other harmful activities.

Cross-Site Scripting: This vulnerability often injects malicious codes into the website just like a SQL injection. However, cross-site scripting is different in that it attacks target website users instead of attacking the actual website. As such, user information is often put in a position where it is at great risk of theft.

Security Misconfiguration: This is a component that is often leveraged by cybercriminals as a result of an error in configuration or failure to implement essential security controls in the server or web application.

Exploits

Exploits in information systems refer to a code that often takes advantage of an existing software flaw or vulnerability. Cybercriminals often take advantage of vulnerabilities to exploit a system such as access networks or essential information. As Suresh and Suresh (2020), exploit can be explained as a step that a hacker employs after finding a vulnerability or the manner in which hackers leverage existing vulnerabilities. Additionally, an exploit can be considered as a command, software, code, or an entire kit that is often utilized to access systems or networks. Exploits are often written by malicious actors or security researchers to serve as proof of their concept of the existent of threat. In special circumstances, exploits are often used in a multi-component attack to drop or insert another malware such as spyware or backdoor Trojans in order to steal information from the network or infected system.

Exploits that are employed to attack identified but not patched vulnerabilities are called zero-day exploits. Exploit kits are often used by cybercriminals to undertake exploits that target applications and add-on functions in order to launch an attack. Virtual patching is a mechanism of mitigating exploits that works on the basis that exploits tend to adopt a definable path from and to a particular path in order to take advantage of a software flaw. It is thus possible to create various rules at the network layer in order to control the inherent communication with a particular target software. As Issa-Salwe & Ahmed (2011) explain, scanning traffic for all the adopted protocols helps to prevent exploits from undertaking the task they are set to do.

Impact of Threats and Vulnerabilities

Threats and vulnerabilities in the information systems often affect organizational performance in relation to reliability, usability, confidentiality, and entirety.

  • Reliability: Organizations often lose reliability as a result of inefficiency in the computer system caused by vulnerability and threats.
  • Confidentiality: Threats cause the loss of confidentiality in user information as a result of getting accessed by unauthorized parties.
  • Entirety: Threats and vulnerabilities make it easy to forge, tamper, or delete information when storing or undertaking other operation.
  • Usability: Threats reduces the ability of users to enjoy the services provided by the networks and computers.

Mitigation Strategies

One strategy that organizations can implement to reduce the risks caused by threats and vulnerabilities is through endpoint security that may vary from antivirus and firewall, among other security softwares (Gao et al., 2013). This approach is a centralized methodology of protecting all endpoints in the information systems such as laptops, smartphones, and servers that are connected to the IT network from the danger of cyber threats. This methodology is an efficient mitigation strategy in that it enables efficient, effective, and easy security management.

Conclusion

Failure to control exploits results in risks which are a function of the threats in exploiting the vulnerabilities in order to acquire or destroy the assets. However, although threats may exist in the system, risks may not be inherent if vulnerabilities are not existent. In the same manner, although the system may have a vulnerability, the asset may not have risks if threats are non-existent. It is thus important to assess threats and the characteristic vulnerabilities in order to understand risks in the information system. The main step in preventing risks is to understand the differences between threats, exploits, and vulnerabilities.

 

References

Amarasinghe, A. M. S. N., Wijesinghe, W. A. C. H., Nirmana, D. L. A., Jayakody, A., & Priyankara, A. M. S. (2019, December). AI-Based Cyber Threats and Vulnerability Detection, Prevention, and Prediction System. In 2019 International Conference on Advancements in Computing (ICAC) (pp. 363-368). IEEE. 10.1109/ICAC49085.2019.9103372

Brauch, H. G. (2010). Security threats, challenges, vulnerability, and risks. PEACE STUDIES, PUBLIC POLICY AND GLOBAL SECURITY–Volume I, 102.

Gao, Y., Peng, Y., Xie, F., Zhao, W., Wang, D., Han, X., … & Li, Z. (2013, October). Analysis of security threats and vulnerability for cyber-physical systems. In Proceedings of 2013 3rd International Conference on Computer Science and Network Technology (pp. 50-55). IEEE. 10.1109/ICCSNT.2013.6967062

Issa-Salwe, A. M., & Ahmed, M. (2011). Risk management of an information system by assessing threat, vulnerability, and countermeasure. International Journal of Research and Reviews in Computer Science2(1), 111. https://search.proquest.com/openview/0bed6cd83cc7918ff6e8a20a3f9c6c8f/1?pq-origsite=gscholar&cbl=276284

Panse, T., & Panse, P. (2013). A survey on security threats and vulnerability attacks on bluetooth communication. International Journal of Computer Science and Information Technologies4(5), 741-746.

Suresh, M., & Suresh, M. (2020). Vulnerability, threats, and attacks in E-Payments System: Security Solutions. International Journal of Psychosocial Rehabilitation24(4).

 

 

 

  Remember! This is just a sample.

Save time and get your custom paper from our expert writers

 Get started in just 3 minutes
 Sit back relax and leave the writing to us
 Sources and citations are provided
 100% Plagiarism free
GET CUSTOM ESSAY
Copyright © 2019
error: Content is protected !!
×
Hi, my name is Jenn 👋

In case you can’t find a sample example, our professional writers are ready to help you with writing your own paper. All you need to do is fill out a short form and submit an order

Check Out the Form
Need Help?
Dont be shy to ask