In general, Vulnerability, Cyber Attack and Data Breach seem different. However, they are co-related with each other. Attackers find vulnerability in software or application, later on attackers easily corrupts the software or system and steals confidential information. If we broadly consider the vulnerability concept, then it could have many reasons that welcome attackers to corrupt the system.
Now let us start with understand what does vulnerability includes and discuss about its classification.
1. What Vulnerability includes:
Vulnerability includes incorrect configuration of the system, weak password and unpatched software. The other reasons for vulnerability may be untrained users, improper operational procedure, imperfect security measures, lack of BYOD policy implementation etc. Vulnerability defines system susceptibility, system access and exploits the system by attackers. Organizations should keep vulnerability management that includes identifying, classifying, and mitigating vulnerability.
Classification of Vulnerability:
From the above discussion, we are sure that vulnerability can be found in many ways. However, a proper category classification is available as under.
- Hardware: You may find vulnerability due to unprotected storage in hardware system.
- Software: Software requires timely testing and audit trail. However, in the absence of proper testing and audit, there may emerge vulnerability in software.
- Network: If your network architecture is not fully protected, it may cause vulnerability, therefore the data should be encrypted among communication channels in the network. Organizations should carry regular audits of network system.
2. Cyber Attacks:
Cyber attack is the second step after the discovery of vulnerability. Cyber attacks utilize a malicious code to change system code or data. As a result, it causes an interruption that can expose data and could lead to cybercrimes. An attacker penetrates the network and source of data, to make the attack successful.
Cyber attack includes:
- Identity Theft
- Phishing and Pharming
- Trojans and Viruses
- Stolen hardware such as laptops or mobile devices
- DOS and DDOS Attacks
- Password Sniffing
- System Infiltration
- Website Vandalism
- Web Browser Exploits
3. Data Breach:
Data breach is a loss of sensitive information in an untrusted environment. In a successful cyber attack, cyber criminals steal information regarding username, passwords, credit card or debit card numbers, social security numbers. This data may include financial, personal or health information. Sometime attackers can gain full network access via stolen data. The main cause of a data breach is internal and external threats. Internal threat includes employees of organizations while the external threats contain hackers.
Data breach incident can happen in different ways, for example POS intrusion, application attack, insider theft, physical hardware loss, card skimmers and cyber espionage.
Symantec report on Vulnerability, Data breach and Cyber Attack:
Symantec has published Internet Security Threat Report in 2014, which shows shocking results about vulnerability, data breach and cyber attack. The key finding of the report is as under.
- In 2013, there was an increase in targeted attacks campaigns up to 91%.
- The overall data breaches have 62% growth.
- Approximately, 552 million user identities were stolen in 2013.
- 23 Zero-day vulnerabilities were identified.
- 38% mobile users experienced cyber crime in the past year.
- The good news is that Spam mail ratio dropped to 66% compare to whole email traffic.
- There was a one out of 392 emails related to phishing attack.
- An increase of 23% recorded in web based attacks.
- There was 1 out of 8 legitimate websites infected with vulnerability.
Since last few years, attackers have been using the latest and sophisticated techniques to lure web users and thereby try to steal the confidential information. In organizations, proper security precautions should be taken against vulnerability and potential data breach. Employees should be guided on data protection with the knowledge of data sharing policy. On the other hand, web users should keep a strong and lengthy password, review a bank statement regularly, and avoid unknown emails.