With the growing dependence on technology, organisations must take steps to protect their sensitive data and systems from potential threats. Knowing what common business security vulnerabilities exist is key in establishing a secure defense against costly cyberattacks or breaches.
The Most Common Business Security Vulnerabilities
Top 10 Business Security Vulnerabilities To Be Aware Of
In this blog we will explore some of the most common and important vulnerabilities that exist to ensure that we’re effectively securing our data, some of which you may not even have thought about.
How much do you know about your security posture? Do you have up to date network diagrams? Do you have a baseline of what communications between devices should look like to identify abnormal activity? Do you follow the principle of least privilege with your user’s access to data? Is all data stored and transported securely? These are all important questions to ask ourselves when evaluating just how secure our business is.
So what are some of the most common business security vulnerabilities?
Misconfiguration
Misconfigurations in the deployment of infrastructure or tools can leave massive holes in your security. Some systems are simply deployed with default settings and forgot about, however having this default configuration can be a massive security risk. A public facing server with a port open that does not need to be open can be a major vulnerability.
This doesn’t solely apply to new systems, with the ever-changing nature of cyber security new exploits and vulnerabilities are being found daily. Regular review of these systems should also be done to guarantee they are secure with proper settings applied for optimal protection against potential threats.
Outdated Software and Unpatched Systems
Outdated software and unpatched systems present a large security risk. Oftentimes bugs and vulnerabilities are discovered in software and a patch is made available. The more critical the system or service, the greater the potential for exploitation is. However oftentimes these vulnerabilities are present in our critical systems that we cannot afford the downtime to patch.
Take for example the ransomware WannaCry, this was a worldwide problem where the patch was available 2 months prior to the attacks. Yet this impacted more than 200,000 machines. Keeping up with updates and having an efficient patch management plan in place helps decrease potential risks of cyberattacks or incidents involving breaches of sensitive information.
Weak or Stolen User Credentials
Brute force attacks are prevalent because they will eventually work. The biggest safeguards to defend against these attacks are to ensure the use of long passwords and ensuring an adequate account lockout policy is being enforced. The simple reason for this is that short passwords take significantly longer to crack over short complex ones.
For example “This_is_a_very_secure_password” evaluated against Bitwarden’s password strength tool states an estimated time to crack of “centuries” versus the password of “1N53CuRe!” which is estimated to be cracked in 11 minutes. Encourage users to use long passwords to ensure password security.
Malicious actors may also trick their victim into providing their password using credential harvesters through phishing emails or a variety of other tools. Individuals may also have other account information leaked and the user uses the same password across multiple services that may be available to purchase on the dark web. There are a large number of threats to contend with. To decrease the chance for this risk happening, organisations need effective password policies and consider using MFA which considers users’ input in its authentication process.
Access Control
The principle of least privilege refers to only providing users with the necessary permissions and access in accordance with their job requirements. This ensures that critical data is exposed to as few avenues as possible in the occurrence of a compromise. A review of employees’ permissions and privileges should be run regularly to ensure that all secure data remains secure. Alongside this, data should be classified and categorised to ensure that we know what data is valuable to the company.
Insider Threats
Insider threats, both intentional and unintentional, are also a cause for concern. This can range from a begrudged ex-employee who has not had their permissions revoked, to an employee accidentally sharing confidential information or data. It becomes necessary that organisations have measures and policies in place to offboard employees and that confidential information is kept confidential and secure. A data loss prevention (DLP) tool can be used to look for specific markers, such as credit card information, social security numbers, and the like and overwrite them should they be sent externally to ensure confidentiality.
Secure your organisation
from cyber security threats
Data Security in Transport and at Rest
Data security both in transit and rest should also be a consideration for all companies to ensure security. If an employee has their work device stolen, what measures are in place to ensure that company information is secure? Alternatively, how is confidential information communicated over your network and what measures are in place to ensure that it is not exposed? Full disk encryption can help secure your physical assets and ensuring that strong cryptographic keys are being used for network communications will assist in lessening the risk of this vulnerability.
Zero-day Vulnerabilities
Zero-day vulnerabilities are vulnerabilities that have been disclosed but no patch is yet available or a vulnerability that is discovered by malicious actors prior to the knowledge that it even exists. These are particularly harmful as there is no intelligence that this vulnerability exists or how to mitigate it, after all how can you combat a risk you don’t know exists? To effectively defend against this, detection of any abnormal activity is a must. An endpoint detection and response (EDR) tool can help provide visibility into any abnormal activity from applications. As these flaws are hard to detect, taking preventive measures is critical for organisations to stay secure.
Social Engineering Attacks
Social engineering refers to the use of human behaviour and manipulation tactics to trick a victim into acting against the business’s best interests. With phishing being the most utilised and easiest way to infiltrate a network, ensuring that adequate protections are in place is necessary.
Regular employee training should be taken to ensure that individuals are aware of the threat that this poses, and mailbox rules should be put in place to ensure that users are aware of any externally received emails to mitigate this threat.
For more information on reducing risks, please check out our blog post on security awareness training.
Mobile Device Vulnerabilities
At Aspire we have noted the rise of phishing emails containing QR codes targeting an individual’s mobile device. These can be particularly troublesome as they target mobile devices that may be used to provide multi-factor authentication (MFA) to authenticate a user.
Alternatively, mobile applications readily available to download may contain malicious code that allows unauthorised access to valuable data. Establishing and enforcing measures designed for mobile devices (e.g., Mobile Device Management tools and security policies) can help guard digital assets from these vulnerabilities and fortify their protection against potential threats.
Known Exploited Vulnerabilities
The first step in understanding our security posture is to evaluate it, without proper knowledge as to the attack surface we cannot adequately protect critical services. A vulnerability management program is designed to detect, assess, prioritise and address security vulnerabilities in order to protect businesses from cyber threats. This program seeks to develop an extensive strategy for remediation or reducing identified weaknesses while also boosting the general security posture by recognising potential risks posed to the organisation.
The CISA webpage hosts a number of known exploited vulnerabilities that we should compare against the vulnerabilities presented by a vulnerability scan as these are known to be exploited by malicious actors.
Summary
In summary, there are many common business security vulnerabilities that may affect your business. Maintaining awareness of and proactively safeguarding assets is crucial in protecting your company from data breaches and cyber-threats. A structured vulnerability scanning and management plan, complimented by appropriate security tools will establish a strong foundation for safeguarding against known vulnerabilities and securing important data.
It is crucial to remember that any security weakness that has the potential to be exploited can impact an organisation’s overall security posture. Understanding the importance of staying informed about current cybersecurity trends and threats as well as ensuring that adequate detection capabilities exist to alert to any abnormal behaviour will ensure the security of your business moving forward.
Frequently Asked Questions
-
What are the 4 main types of security attacks?
Security vulnerabilities encompass four main categories: network vulnerabilities, operating system/application vulnerabilities, human vulnerabilities, and procedural vulnerabilities. These weak points in security can be exploited through various means, such as distributed denial of service (DDoS), attacks that attacks the availability of a service, or man-in-the-middle attacks, potentially attacking the integrity and confidentiality of information. Additionally, they can manifest as email threats, password-related issues, or malware infections.
-
What are the vulnerabilities of a business?
Businesses are vulnerable in a multitude of key areas, we usually categorise these by using the CIA triad (confidentiality, Integrity, and availability). Confidentiality considers that our sensitive and confidential information stays confidential, an attack against this may be a data breach or unauthorised access. The next is integrity, which refers to the completeness and accuracy of data. If an attacker can delete logs to hide an attack, this would be a breach of integrity. The last is availability, simply put, that our data is available to the people it needs to be. An example of this would be a Distributed Denial of Service (DDoS) attack that can bring down a critical service.
-
How can organisations address vulnerabilities?
The first step to addressing vulnerabilities is to know what vulnerabilities exist. A systematic approach to vulnerability scanning should be the first point of call for any business. From this knowledge of what vulnerabilities exist we must then proceed to risk management and contextualise the risk and vulnerabilities that are present. The decision to remediate, accept, mitigate, or transfer this risk would then be made.
To address other security concerns, adequate training of staff in security threats should be prioritised along with a detection capability, such as an endpoint detection and response solution, should be adopted to address any abnormal behaviour.
-
What security tools should businesses consider?
To determine what security tools a business should consider we must first take into consideration where and what our valuable data and services are. From there we should use an appropriate model to ensure adequate protection. For example, the defense in depth info-centric model is focused around protecting crucial data, implementing several different layers to ensure adequate protection. These control layers may include physical (Fences, locks, CCTV), Technical (Firewalls, EDR solutions, Encryption), and administrative (policies, procedures) to ensure that multiple layers of defense ensure the protection of our valuable assets.
Jamie Egglestone
