Verified Document

Access Single Most Important Cybersecurity Vulnerability Facing It Mangers Today Research Paper

Cyber Security Vulnerabilities Single Most Important Cybersecurity Vulnerability Facing IT Managers Today

Cyber Security Vulnerabilities Facing IT Managers Today

At present, computers link people to their finances through online banking and a number of many online applications that offer access to accounts. In addition, they provide a connection to a broad variety of information, including social media, for instance, Face book, YouTube and Twitter. Interconnectivity of the systems have made it possible for people to access various information, additionally, businesses have the capacity to leverage the internet as a part of their daily activities (Gotlieb and CDR, 2010). The government also utilizes the networked systems to manage public services. Weakness in a system occurs when a hacker is attempting to gain entry into a system.

Many of the vulnerabilities in cyber security occur because of human beings, hardware, software and connection points that offer entree to the systems. Other studies suggests that a security weakness is a flaw in software that can make it work contrary to how it should work, making it prone and result into successive. This makes the whole system prone to attacks (Gotlieb and CDR, 2010). Therefore, the software, which constitutes most of the instructions designed to make the system work, is a significant vulnerability that could lead to potential exploitation of the system.

Weaknesses in the software found in computers are substantial contributors to the cyber security issue. Additionally, the software development methods have shown the capacity to fail. Therefore, they lack to offer high quality, reliable and secure software that the IT systems need (H;Wang and C;Wang, 2003). It is important to identify that until now, software development is not a science or a discipline, and the development practice does not provide ways of reducing weaknesses exploited by attackers.

Insider Access

Insider access refers to the privileges that employees have in order to gain entry into an organization's system. Therefore, when these employees have the entry into an organizations database, especially when such access exceeds the descriptions of their work outline, they might abuse the access for malicious intentions. For instance, a university lecturer whose job outline requires them, only the capacity to alter the student contact information might take advantage of the access and maliciously alter the student's grade on the upgrade software (Erickson and Phillip, 2005). On the other hand, the organization may give their employee's privileges to access the organization's system and subsequently determine which program or what capacity an employee has towards that system. Therefore, the organization may create a local and administrator account.

The former will grant an employee a level entry to an individual system and decide privileges to run programs, install programs, access files, enable or execute services through the software. The latter will provide the highest level of access that further allows unrestricted access to create, delete, and modify folders and settings on a specific machine. Granting employee's unrestricted privilege through the administrator account comes with much vulnerability (Erickson and Phillip, 2005). This is because the employees have complete access and not restricted at any point. Therefore, they can install, delete or modify files and even manipulate software. In so doing, they make the software vulnerable to attacks. Although the organizations grant unrestricted access to some employees for valid reasons, this increases the threat of software compromise and inappropriate configurations.

Insider threat

Although many of cyber security violations come from the external environment, the internal setting may have a hand in software vulnerability. The inside threats begin with individuals found in an organization and may include employees, student interns and contractors. Although not all employees, student interns and contractors have bad intentions towards the said organization, some of them may have varying levels of malicious purposes. In regards to inside threats, we focus on malicious employees who have the capacity to initiate harm or software destruction (Whitmer, 2007). An example is an employee with IT proficiency and a mindset of hackers, and this individual is very dangerous owing to his expertise. Due to the expertise, this individual may have the capacity to bypass security and software to access vital information concerning the organization with an interest to revenge or get even.

This individual may hold a significant position in such an organization such as a system administrator's rank and has unrestricted access to major software in the organization. This means that the individual is clear and can roam freely through vital computer services and information concerning the organization. The second employee is the disgruntled employee. While the former is hard to identify, a disgruntled employee is easy to recognize. Such an employee is prone...

As a result, Caution is vital to recognize such an employee before they commit the intended crime. Some of the signs that such an employee display include;
Regular absence from the workplace

Alterations in temperament (mostly linked to personal crisis or from the family)

Frequent efforts to gain entry into unauthorized systems

Recognizable alterations in computer habit or configurations (may start working late nights)

Signs of financial constrains

An office romance goes sour

Voluntary resignation

Negative employee performance and satisfaction

Although the globe has witnessed technological development to the point that an average employee both from the state and private sectors, the background of sensitivity to cyber security is yet to advance to meet the erudition of accessible technologies. Nevertheless, the employees may lack simple proficiency or awareness to address issues concerning insider threats; this is because some security vulnerabilities arise from general lack of attention to common standard business activities rather than from a malicious purpose to cause violations (Whitmer, 2007). Many employees are not aware of the risks that may result from accessing an organization's IT resources. They work with such organizations desensitized to the magnitude of risks that may arise with even simple software services.

In addition, such employees may not have a realistic appreciation for the threats to the organization's network may result from random surfing while on a simple software process. On the other hand, employees work in a network-centric setting, which creates the potential that software downloaded to one computer has the capacity to infect several other computers on the same network. Although some organizations may have training and awareness practices, it is probable that these practices are inconsistent. Therefore, the employees may lack appreciation for cyber security vulnerabilities (Erickson and Phillip, 2005). Such employees may not understand the significance of updating anti-virus regularly. However, for untrained personnel it is not a matter of purposing to damage, but a matter of lacking adequate knowledge about cyber security. These and other insiders may lead to legal liability arising from things like copyright.

Vendor Support

During the software development phase, it is possible that software is not free from vulnerabilities. Therefore, vendors must focus on reducing the things that may make the software vulnerable. In addition, vendors who suggest their products are secure must provide evidence through testing. Vendors must illustrate their devotions to software security by putting resources in the right place (Safe Code, 2008). For instance, the vendors should compare their software to others of the same kind on the CVSS. Additionally, owing to the fact that it is necessary for vendors to publish information containing the general factor of CVSS, they should provide statistics concerning their own bugs on a regular basis.

Proprietary software refers to software sold under a license. Software owned by a single company solely controls all elements of its establishment and circulation. Research suggests that these types of software do not work as expected. Although, many organizations dealing in proprietary software have improved based on operational efficiency, they have failed to meet various technical and cultural requirements. Nevertheless, with this software, there is a single source for support, bug fixes, security support and regular upgrades (Evans and Layan-Farrar, 2009). However, proprietary software takes long to fix meaning that it is a primary source of vulnerability. This is because many of the organizations dealing in this software do it to make as much money as possible, meaning they can deliberately produce low quality software for selfish gain.

Attacks

Denial of Service attacks is serious and has irreversible risk to users, organizations and other internet resources. The objective of such attacks is to prevent entry to specific resources such as the web server. Although there are several defenses against these attacks, they are not dependable. Attackers achieve the attacks either through flooding or logic attack. While flooding DoS attack occurs through brute force, logic attack occurs through intelligent manipulation of vulnerabilities in the target system, such as an IP datagram that may result to a system crash because of a serious flaw in the operating system software (Chang, 2002). The availability of automatic software tools is a major reason why attackers opt for DoS attacks.

Another reason is that it is not possible to locate DoS attackers without far-reaching human relations. On the other hand, DDoS (Distributed Denial of Service) attacks are subsets of DoS attacks. DDoS is an approach used to attack a victim from several undermined systems. The former are central to similar mechanisms…

Sources used in this document:
References

Chang, R.K. (2002). Defending against flooding-based distributed denial-of-service attacks: A tutorial, IEEE Communication. Mag., 40(10), 42 -- 51.

Dimensional Research. (2008). The Risk of Social Engineering on Information

Technology. Retrieved from http://www.cigital.com/papers/download/ses.pdf

Erickson, K., & Philip, N.H. (2007). "A Case of Mistaken Identity? News Accounts of Hacker and Organizational Responsibility for Compromised Digital Records, 1980-2006." Journal of Computer Mediated Communication, 12 (4), 1229-1247
Safe code. (2008). Software Assurance: An Overview of Industry Best Practice. Retrieved from http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf
Representing Chief information officers of the States. Retrieved from http://www.nascio.org/publications/documents/NASCIO-InsiderSecurityThreats.pdf
Cite this Document:
Copy Bibliography Citation

Related Documents

Cyber Security Most Important Cyber
Words: 2328 Length: 8 Document Type: Research Paper

The operating system faced these issues due to the lackluster approach from Apple to patch their software in time. As a result, it led to risking the data of personal users. It shows that irregularities in the patching of computers affected users adversely without any fault of their own (Daily Tech, 2012). In addition to that, the operating system of Apple is now considered as one of the most favored

Cyber Security Cloud Computing
Words: 1389 Length: 4 Document Type: Term Paper

Cyber Security/Cloud Computing Consider a recent cyber security breach (specific event) and address the following questions: Describe the circumstances involved Monster Com: Confidential information of 1.3 million job seekers was stolen and used in a phishing fraud Monster.Com, a United States online recruitment site reported in 2008 that hackers broke into the site using password-protected resume library. They used credentials that Monster Worldwide Inc. claims were stolen from some of its clients. Reuters reported

Cybersecurity As an Organizational Strategy an Ethical and Legal...
Words: 3101 Length: 10 Document Type: Research Paper

Cybersecurity as an Organizational Strategy: An Ethical and Legal Perspective Cybersecurity as Organizational Strategy Across the board -- in business, society, and government -- the promise of cyber capabilities are matched by potential peril. The cyber environment is never static, but it is perhaps most agile in response to the continual stream of emerging cyber threats and realized cyber attacks ("PCAST," 2007). Cybersecurity must be agile. The challenges that must be met

Cybersecurity Vulnerability Issues
Words: 2738 Length: 10 Document Type: Research Paper

Cybersecurity Vulnerability What are Vulnerabilities? Hardware attacks because of Vulnerabilities Hardware Data modification / injection The Scientist Argument Secure Coprocessing How organizations can best address its potential impacts Cybersecurity Vulnerability: Hardware Weakness This essay introduces the role that computer hardware weakness opens the door up for attack in cyber-physical systems. Hardware security -- whether for attack or defense -- is not the same as software, network, and data security on account of the nature of hardware. Regularly, hardware

Cybersecurity Recent Case Studies of
Words: 4325 Length: 16 Document Type: Term Paper

The level and sophistication of this attack on the Department of Defense's systems suggests that professionals conducted this attack with significant resources at their disposal and an interest in the national security secrets of the United States. The data mining operation was so successful that, while detected, still managed to make-off with a significant amount of information. Since the attack, the United States responded in a number of critical ways.

Cyber Security Ethical Issues Associated With Ransomware
Words: 893 Length: 3 Document Type: Case Study

Cyber Security Ethical issues associated with ransomware It is only natural that people who are known to you will send you messages through your email address. It is lost on me how those engaging in ransomware business access information about their potential victims like the email address as to send you messages that have been infected that when opened infect the whole computer. These people engage in irregular activities. For the residents

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now