October 9, 2011
Common Network Vulnerabilities
(The effects of the absence of knowledge on unencrypted communication: Setting ground rules for an organization’s internal structure)
“Businesses, governments, and other organizations face a wide array of information security risks. Some threaten the confidentiality of private information, some threaten the integrity of data and operations, and still others threaten to disrupt availability of critical systems” (Sullivan, 2009). Since such security risks are always going to be present in the cyber world, businesses and organizations need to be fully aware of any vulnerabilities in their systems. An organization can only begin to recognize its own vulnerabilities once it understands what a vulnerability is. A vulnerability is a security weakness but not a security threat. It is what needs to be assessed in order to examine an organization’s network. One of the main network vulnerabilities facing IT managers today is the absence of encryption for data being transferred and received between uninformed users, together with the lack of knowledge and understanding within an organization’s internal structure.
Network vulnerabilities are present in every system, and with the constant advancement in knowledge, programs, and technology, it can be extremely difficult to rid any infrastructure of all vulnerabilities. Whether it is implementing hardware or beefing up software security, no one method of protecting a network can be greatly improved unless the users and IT professionals behind the update are up to speed on what is happening. To begin, all users in an organization or business need to be aware. Be aware of your surroundings. Be aware of the software that you use on a daily basis, and the information that is being passed between everyone. Security awareness needs to be at the center of any business’s cyber security program. “In many respects, the challenges of implementing and managing effective technical controls pale in comparison with the difficulties in addressing organizational weaknesses, such as insufficient or ineffective security awareness training” (Sullivan, 2009).
Companies that don’t provide security awareness and training are leaving open pathways into their network (McLaughlin, 2006). From an IT manager’s standpoint, companies are fully aware of the threats that their organization is faced with every day. In a survey of nearly “550 small and midsize businesses, it was found that human error was the primary cause of nearly 60 percent of security breaches during the past year” (McLaughlin, 2006). This 60 percent clearly shows that the primary holes in any organization’s security remain user problems and insufficient training throughout the company. “The alarming part is that little is being done to change cultural behavior” (McLaughlin, 2006). Even when it is known that the lack of education and training causes companywide vulnerabilities, changes and training continue to fall by the wayside and are treated as a minor priority rather than a major one.
The Internet is rapidly growing and evolving, and people need to evolve with it. The Internet is ultimately becoming the staple for all businesses today. “Businesses from all over the world have found the Internet to be a cost effective and reliable business tool. Indeed, in the last few years, in addition to conventional business transactions, many of the controls systems (SCADA) that support national and public utilities are adopting the Internet as a core data transport method. This has resulted in businesses and societies becoming critically dependent on the continuous operation of the Internet” (John, n.d.). These dependencies then need to be addressed to provide critical support for end user vulnerabilities.
End user vulnerabilities need to first be recognized within a business and proper steps need to be taken to adequately train...