IT Vulnerability and Security Risk
1. Introduction
This article is about cyber risks and threats, which have become a part of our daily life. Over the last decade, computers and software have developed so much that they have replaced most of our human tasks. It is well known to all of us how much we now depend on computers and the digital world for online money transactions, study, communication, shopping and much more. The endless use of digital components has made human life dependent on them. This is a good thing, as we all know how much time we save and how much efficiency technology provides. But when this advanced technology is misused, it becomes a curse to human life. People can lose their private information, wealth, research work and much more to unauthorized persons, who can later use it for wrongful or disastrous purposes. Let us shed some more light on the consequences.
2. Definition of IT
Before getting into IT vulnerability, let us talk about the modern definition of IT. IT stands for information technology, which means the technology used for communicating information in a better and more convenient way. In the 90s, which we consider the early age of computers, computers were used for simple computation and simple graphics work. Now we are living in a world where we spend more time in the virtual world than in the real world. In our current world, most of our work is based on computers, which have transformed industries. IT is now an essential part of any industry or organization: it not only captures the entire workflow in a virtual blueprint, it is also involved in the communication channels an organization uses to serve its clients. IT does not stand for the companies that provide consulting through software support or that build new applications by inventing new technologies; rather, it is a core part of any industry.
3. Vulnerability and risk
When we say that our life depends on technology, the IT industry and its products come first. Most of our information is processed through IT components (various gadgets and the useful applications installed on them). We store our valuable data (office work, personal data, phone numbers, bank account details) on virtual media and transfer or communicate it through the same media. Hence, if an unwanted person accesses that information, it can easily be misused. If we are not careful enough to protect our data, our information becomes vulnerable, and risks and threats arise. But sometimes vulnerabilities lie within the IT product itself. The application software used to process data may contain bugs [1] or loopholes that hackers can target. When a hacker gets access to restricted data for which he is not authorized, he can easily misuse it for his own gain or to perform antisocial or criminal activities. This then becomes a risk to our life, our wealth and our society as well.
4. IT vulnerabilities and their types
Vulnerabilities that lie within IT products are most of the time bugs in the code, or loopholes that can be exploited by an unauthorized person. At a high level, they can be categorized into the types below [2]:
• Authentication vulnerability
• Authorization vulnerability
• Session management vulnerability
• Input validation vulnerability
• Configuration vulnerability etc.
Apart from these points, which are found in the internal construction of a software product (its programming and coding), we can also become vulnerable and compromise our data privacy through human error. Some common scenarios are below:
• Leaving important papers or gadgets that contain private data unattended.
• Setting up an easy password that can be guessed or cracked in a few attempts.
• Accessing unauthorized or illegal websites, which bring viruses and junk files to the device and make it prone to vulnerability.
• Replying to, or opening the links in, mail sent by an anonymous sender, etc.
Hackers may take over your device while you are connected to the internet and steal all of your data without your knowledge. A hacker can also send malicious data that sits on your device and continuously sends your data to the hacker (a technique called spoofing). One more very commonly used term is “phishing”. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Hence, when keeping important information, we need to be very careful to avoid this risk.
5. Social impact
IT vulnerability has a huge social impact, causing major risks and sometimes threats to our society and our lives. We often hear about privacy breaches of confidential data that result in stolen wealth and stolen organizational secrets. We are all aware of Edward Snowden [3]. The examples below also show the massive social impact of IT vulnerability.
• Target (retail): In January, Target announced that an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customers’ credit and debit card information was stolen.
• Yahoo! Mail (communications): The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released.
• eBay: Cyber attacks in late February and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers. eBay issued a statement asking all users to change their passwords. [4]
Hackers mainly target banking and financial services, and also defence information, which is used to spread terrorist attacks. We have countless examples of similar types which can challenge cyber security.
6. Conclusion
We should keep in mind that technology can be used for both constructive and destructive work, and when it is used for bad purposes, it becomes a risk to our lives. Hence, advanced technology should be used in such a way that we avoid making our data vulnerable.
7. Bibliography / References
1. Bug: a bug is a coding error in a computer program.
2. https://en.wikipedia.org/wiki/Vulnerability
3. https://en.wikipedia.org/wiki/Edward_Snowden
4. http://www.dailymail.co.uk/news/article-3298609/Hackers-hit-14-new-firms-including-Vodafone-sell-details.html
https://bcognizance.iiita.ac.in/archive/nov-15/?p=141
Bishwajeet Chakraborty
B.E. (CSE) / Network Security Analyst
Accenture Services Pvt. Ltd.