Title : Technology Vulnerabilities and Threats

Posted by : Tariq Azmi | 2021-09-09


A threat and a vulnerability are not one and the same. A threat is a person or event that has the potential for impacting a valuable resource in a negative manner. A vulnerability is that quality of a resource or its environment that allows the threat to be realized. An armed bank robber is an example of a threat. A bank teller is an example of a valuable resource that may be vulnerable during a bank robbery. Bullet-proof glass between the robber and the teller denies the robber the opportunity to shoot the teller. The threat remains present, but one of its harmful effects (a gunshot) has been mitigated by a protection mechanism (the glass).

In system and network security, the threats remain present but are mitigated through the proper use of security features and procedures. Mitigation is any effort to prevent the threat from having a negative impact, or to limit the damage where total prevention is not possible, or to improve the speed or effectiveness of the recovery effort.

Hardware and software systems and the data they process can be vulnerable to a wide variety of threats. The selection of security features and procedures must be based not only on general security objectives but also on the specific vulnerabilities of the system in question in light of the threats to which the system is exposed. It is possible to over-protect, which only wastes resources and inconveniences users

Threats and vulnerabilities are intermixed in the following list and can be referred to collectively as potential "security concerns”

Now, that you have some idea about the threats and vulnerabilities, as a part of leadership team at an organization, here are list of questions to ask & answer.

  • What information do we manage?
    • Where is it processed and stored?
    • How critical is it to our products and services?
    • How sensitive is it?
  • Did we identify our Risk? Have we addressed those risk?
    • Do we have any controls in place?
    • How educated are our employees?
  • Do we have cyber breach response plan?
    • Do we have a Data Breach Prevention Strategy?
    • Have we tested Cyber breach response plan?
  • How do we protect sensitive information handled and stored by third-party vendors?
    •  Are you carrying out regular audits with all your vendors?
  • Do you have Cyber Insurance?
    • Do we have the right coverage?
  • Does your company have an incident response (IR) plan in place? If you answered yes: 
    • Does your IR plan contain the details for data breach notification guidelines for senior executives, company board of directors, and law enforcement?
    • Does your IR plan define your company policy for the payment of a cyber ransom? 

These are critical question that need to be answered, which will help you be prepared and most importantly mitigate threats and vulnerabilities of your organization.