Security Vulnerabilities Faced by Organizations

Organizations face challenges such as how they can eliminate security vulnerability in their networks and systems. It is challenging to achieve confidentiality, integrity and availability which are the main aspects considered in security. One of the significant security vulnerability faced by organizations mobile devices. That will include phones, laptops and tablets that are used by the employees. These are devices that are connected by the used on network systems of organizations. For system administrators, it is hard to control and ensure the security of all the mobile devises are they are controlled by the users. The vulnerability increases especially for organizations that use the BYOD policy (Timms, 2017). Hackers can easily attack the organizations because of the increased number of entry points. One way they can penetrate the system of the organization is through the applications found in the devices most of which may not be updated or don’t have the best endpoint protection software. If not addressed, the intruders can steal data from the organization which will negatively affect the people and management. Some of the information is sensitive hence once in the hands of the intruder; they can use it to destroy the reputation of a company. They can also use the devices to put malware on the network which will affect most of the devices connected to the network. One way the vulnerability can be prevented is by ensuring all the devices connected to the network have been registered, monitored by the administrator and they always have an antivirus program.

The second security vulnerability that organizations face is on the mail servers. Employees share data through their mail, and thus intruders view them as a good way they can get data from the organization. Having inadequate security in the mail server will make the intruder pretend they are users and hence access the system of an organization. Hackers can masquerade as one of the employees and communicate with another thus making the user share data that was meant to be kept secure (Amin, 2017). They can also share malware that will be used to infect other devices that the employees use to access the mail servers. One cause of the vulnerability includes the users having weak passwords that they use to protect their emails. Another reason comprises of having a weak intrusion prevention software. That will give an intruder an ample time to access the network and hence the mail server and be able to get data used in the company. To prevent the vulnerability from taking place, organizations need to ensure that all the devices have the latest security in their operating systems and in email applications that the employees use. If not addressed, data sent and received in the company will become vulnerable to cyber-attack. That will affect the confidentiality and availability aspects of security that needs to be maintained for the data.

The third security vulnerability that organizations face weak passwords on various devices and systems. Some employees in an organization use weak passwords which will cause them harm rather than protecting the systems, applications and data they are using. Weak passwords pose as one of the primary weak points for networking devices, and computer systems and organizations should seal this vulnerability by ensuring strong authentication will be implemented (Jarecki, 2017). Hackers will use techniques such as an SQL injection to bypass the passwords, and when the password is weak, they will take less time to penetrate the system. Weakly protected systems will also allow intruders to access remotely using their devices and manipulate the system and data of the organization. The solution will be for the system administrator to ensure that the users have strong passwords that will help them protect the systems and data of the organization. Another solution will be to ensure intruders will be locked out from accessing the system or application once some failed attempts have been reached. Hackers can change the password of the system once they have access to it and paralyze the operations. That will adversely affect the organizations. They will also access sensitive data of the company where they can manipulate it or share it with other people for malicious purposes thus causing havoc.

Another security vulnerability notable for affecting network systems and applications in organizations is USB flash drive and other data storage devices. Users share data using USB devices, and hackers see this as one right way they can penetrate to the systems, access data and cause havoc. Hackers can infect one of the USB or data storage device with malware, and when the user put it in their computers, they get infected. Workstation security is an important concept that needs to be addressed by the organization to prevent this vulnerability. Employees should only be allowed to share data through secure means such as a safe company email which will help to prevent the vulnerability (Johnson, 2016). That will stop instances where employees will come with malware and infect the other devices, therefore, causing a security vulnerability. It will also prevent users from taking sensitive data from the organizations and sharing it with other people who might manipulate it and negatively affecting other employees and the organization. The malware shared using the USB devices can be applied to corrupt data. They can use the devices to lodge an attack on the network and system used in the organization and cause harm.

To prevent these security vulnerabilities, organizations need to ensure employees use strong passwords; mail servers are secure, they control the use of mobile devices and restrict the use of data storage devices. Other than that, the network and system applications will continue to be vulnerable, and hackers will take the opportunity to cause harm to the organization.

References.

Amin, A., & Valverde, R. (2017). Using Dashboards to Reach Acceptable Risk in Statistics Data

Centers Through Risk Assessment and Impact Analysis.

Jarecki, S., Krawczyk, H., Saxena, N., Shirvanian, M., Kiayas, A., & Xu, J. (2017). Stronger

Security for Password Authentication-Webinar Series.

Johnson, C., Badger, L., Waltermire, D., Snyder, J., & Skorupka, C. (2016). Guide to cyber

threat information sharing. NIST special publication, 800, 150.

Timms, K. (2017). BYOD must be met with a wider appreciation of the cyber-security

threat. Computer Fraud & Security, 2017(7), 5-8.