# Vulnerability

A vulnerability is a weakness in an asset or in a safeguard that protects it. Vulnerabilities are the targets attackers look for: exploiting one is how they gain unauthorized access to a system.
## Sources of Vulnerability

The following are common classes of vulnerability that attackers exploit to harm an organization:

- System misconfigurations: An improperly configured network or service can leak sensitive information or even grant outside parties access to the system.
- Unpatched software: Software needs updates as vulnerabilities are discovered; running old versions leaves known, documented flaws in place.
- Poor data encryption: Weak or outdated encryption algorithms and protocols leave data open to interception or tampering.
- Weak credentials: Easily guessed passwords, shared accounts, and the absence of multi-factor authentication.
## Identifying Vulnerabilities

A common way to identify vulnerabilities before they are exploited is a vulnerability assessment: a systematic review that determines which vulnerabilities exist (if any), how critical each one is, and what should be done to remediate it. A vulnerability assessment scans the network to find software and configurations with known, unremediated weaknesses. Typical findings include unpatched software, network protocols that still use outdated encryption, and exposed ports that are not protected behind a firewall.
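The following is an added example, not code from the Docs page, showing the shape of the assessment just described in miniature: a small, constructed asset inventory is checked against a policy covering the four vulnerability classes listed above, and each finding carries a severity and a remediation. The product names, version thresholds, port allow-list, and password-length threshold are hypothetical policy values chosen for the example; a real assessment would take them from a vulnerability database and the organization's own standards.

```python
"""Toy vulnerability assessment over a constructed asset inventory (added example)."""
from dataclasses import dataclass

# Hypothetical policy data, constructed for this example.
MIN_PATCHED_VERSION = {"webserver": (2, 4, 58), "dbserver": (14, 10, 0)}
WEAK_TLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}       # outdated protocol versions
PUBLIC_PORTS_ALLOWED = {80, 443}                 # ports allowed without a firewall
MIN_PASSWORD_LENGTH = 12
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Asset:
    name: str
    product: str
    version: str
    tls_versions: set
    open_ports: set
    firewalled: bool
    mfa_enabled: bool
    password_min_length: int


@dataclass
class Finding:
    asset: str
    category: str
    severity: str
    detail: str
    remediation: str


def parse_version(version: str) -> tuple:
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def assess(asset: Asset) -> list:
    """Check one asset against the policy and return its findings."""
    findings = []
    minimum = MIN_PATCHED_VERSION.get(asset.product)
    if minimum and parse_version(asset.version) < minimum:
        findings.append(Finding(asset.name, "unpatched software", "high",
                                f"{asset.product} {asset.version} is below the patched baseline",
                                "apply vendor updates to the current patched release"))
    weak = asset.tls_versions & WEAK_TLS
    if weak:
        findings.append(Finding(asset.name, "poor encryption", "medium",
                                f"outdated protocols enabled: {', '.join(sorted(weak))}",
                                "disable legacy protocol versions; allow TLS 1.2+ only"))
    exposed = asset.open_ports - PUBLIC_PORTS_ALLOWED
    if exposed and not asset.firewalled:
        findings.append(Finding(asset.name, "misconfiguration", "high",
                                f"ports {sorted(exposed)} reachable with no firewall in front",
                                "restrict the ports behind a firewall or close them"))
    if not asset.mfa_enabled:
        findings.append(Finding(asset.name, "weak credentials", "medium",
                                "multi-factor authentication is not enforced",
                                "require MFA for all interactive logins"))
    if asset.password_min_length < MIN_PASSWORD_LENGTH:
        findings.append(Finding(asset.name, "weak credentials", "low",
                                f"minimum password length is {asset.password_min_length}",
                                f"raise the minimum password length to {MIN_PASSWORD_LENGTH}"))
    return findings


def assess_inventory(assets: list) -> list:
    """Assess every asset and order the findings by severity for remediation."""
    findings = [f for asset in assets for f in assess(asset)]
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.asset))


def summarize(findings: list) -> dict:
    """Count findings per severity, e.g. {'high': 2, 'medium': 2, 'low': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed inventory: one neglected host and one that meets the policy.
INVENTORY = [
    Asset("web01", "webserver", "2.4.49", {"TLSv1.0", "TLSv1.2"},
          {22, 80, 443}, firewalled=False, mfa_enabled=False, password_min_length=8),
    Asset("db01", "dbserver", "14.10.2", {"TLSv1.2", "TLSv1.3"},
          {5432}, firewalled=True, mfa_enabled=True, password_min_length=16),
]

if __name__ == "__main__":
    for f in assess_inventory(INVENTORY):
        print(f"[{f.severity.upper():6}] {f.asset}: {f.category} - {f.detail} -> {f.remediation}")
    print(summarize(assess_inventory(INVENTORY)))
```

Versions are compared as integer tuples rather than strings because `"2.4.9" > "2.4.58"` is true in string order; that kind of mistake is a common source of false negatives in home-grown checks.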
## Vulnerabilities vs. Threats

A vulnerability makes an organization susceptible to threats. A threat is a potential malicious event that exploits a vulnerability; more precisely, a threat exists when an adversary has the opportunity, capability, and intent to negatively impact an organization's employees, processes, or technology. Examples of threats include malware, ransomware, and phishing attacks.