Vi Vu


What is a Vulnerability?

A vulnerability is a weakness that cybercriminals can exploit to gain unauthorized access to information or perform illegal actions on a computer system.

According to the National Institute of Standards and Technology (NIST), the weakness can be in an information system, system security procedures, internal controls, or implementation that threat sources could trigger and exploit.

Vulnerabilities give hackers leeway to run malicious code, access computer memory, install malware, and steal or destroy sensitive information.

Key Takeaways

Vulnerability Vs. Risk

People often use the terms vulnerability and risk interchangeably, but they are not the same thing.

A vulnerability is a flaw or weakness that hackers can exploit, while a risk is the probability and impact of a cybercriminal exploiting a vulnerability. If a vulnerability has a low impact and probability, then the risk is low. Conversely, vulnerabilities with high likelihood and impact represent high risks.

Some common vulnerabilities pose no risk if their probability and impact are negligible.

What is an Exploitable Vulnerability?

An exploitable vulnerability has one or more working attack vectors. An attack vector is a path or means by which a cybercriminal gains unauthorized access to a computer or network to deliver a negative outcome. Attack vectors allow attackers to exploit system vulnerabilities and launch cyberattacks.

Both cybercriminals and ethical hackers regularly search for exploitable vulnerabilities: cybercriminals to perform illegal activities, ethical hackers to secure a system before someone else finds the flaw.

Sources of Vulnerabilities

Several factors cause vulnerabilities:

The National Vulnerability Database (NVD) publishes most previously disclosed vulnerabilities. Each flaw is enumerated in the Common Vulnerabilities and Exposures (CVE) List under a single identifier, which makes it easier for cybersecurity experts to share data about a specific vulnerability without confusing it with another.
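The three ideas above (a vulnerability's risk is its likelihood combined with its impact, an exploitable vulnerability is one with a working attack vector, and each flaw is tracked under a CVE identifier) come together when a team triages scan results. The following Python is an added example written for this article, not code from NIST, NVD or the CVE program: the 1-to-5 likelihood and impact scales, the factors that raise likelihood, the risk thresholds and the findings themselves are all constructed for illustration, and the CVE identifiers are placeholders rather than real entries. It validates the CVE identifier format (`CVE-<year>-<sequence>`, where the sequence has at least four digits) and ranks findings so that a severe flaw with no exploit and no exposure lands below a less severe one that is actively exploitable.

```python
import re
from dataclasses import dataclass

# CVE identifiers look like CVE-<4-digit year>-<sequence of 4 or more digits>.
CVE_ID_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")


def parse_cve_id(text: str) -> tuple[int, int]:
    """Validate a CVE identifier and return (year, sequence number).

    Raises ValueError for anything that is not a well-formed identifier,
    so a typo in a report cannot be silently tracked as a real entry.
    """
    match = CVE_ID_RE.match(text.strip().upper())
    if not match:
        raise ValueError(f"not a well-formed CVE identifier: {text!r}")
    return int(match.group(1)), int(match.group(2))


@dataclass(frozen=True)
class Finding:
    """One vulnerability observed on one asset (constructed sample data)."""
    cve_id: str
    asset: str
    impact: int               # 1 (negligible) .. 5 (severe), set by the assessor
    exploit_available: bool   # a working attack vector exists ("exploitable")
    internet_facing: bool     # asset reachable from untrusted networks
    patch_available: bool     # vendor fix exists but is not yet applied


def likelihood(f: Finding) -> int:
    """Likelihood on a 1..5 scale (hypothetical scoring, not a NIST/NVD scheme).

    A known working exploit is the dominant factor; exposure to the internet
    and the absence of a patch each raise the estimate by one step.
    """
    score = 1
    if f.exploit_available:
        score += 2
    if f.internet_facing:
        score += 1
    if not f.patch_available:
        score += 1
    return min(score, 5)


def risk_score(f: Finding) -> int:
    """Risk = likelihood x impact, giving a 1..25 grid."""
    return likelihood(f) * f.impact


def risk_level(f: Finding) -> str:
    """Bucket the numeric score (thresholds are an assumption for this example)."""
    score = risk_score(f)
    if score >= 15:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


def prioritize(findings: list[Finding]) -> list[tuple[str, str, int, str]]:
    """Return (cve_id, asset, score, level), highest risk first.

    Every identifier is validated up front; a malformed one aborts the run
    instead of producing a report that cannot be cross-referenced in NVD.
    """
    for f in findings:
        parse_cve_id(f.cve_id)
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.cve_id, f.asset, risk_score(f), risk_level(f)) for f in ranked]


# Constructed findings with placeholder identifiers (CVE-2099-* are not real CVEs).
SAMPLE_FINDINGS = [
    # Severe, exploitable, exposed, unpatched: the classic high-risk case.
    Finding("CVE-2099-0001", "web-gateway", impact=5, exploit_available=True,
            internet_facing=True, patch_available=False),
    # Severe on paper, but no exploit, isolated, and already patched: low risk.
    Finding("CVE-2099-0002", "lab-printer", impact=5, exploit_available=False,
            internet_facing=False, patch_available=True),
    # Minor impact but a working exploit exists: still outranks the printer.
    Finding("CVE-2099-0003", "intranet-wiki", impact=2, exploit_available=True,
            internet_facing=False, patch_available=True),
]

if __name__ == "__main__":
    for cve_id, asset, score, level in prioritize(SAMPLE_FINDINGS):
        print(f"{cve_id}  {asset:<14} score={score:>2}  {level}")
```

The ordering is the point of the example: the printer flaw has the highest possible impact yet ranks last, because the probability of anyone exploiting it is negligible, which is exactly the vulnerability-versus-risk distinction the article draws. Real programmes replace the hand-assigned scales with CVSS scores, exploit-availability feeds and asset inventories, but the shape of the calculation is the same.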

Some notable vulnerabilities include:

Detecting and Mitigating Vulnerabilities in Your Systems

You can use vulnerability assessment and scanning tools, together with the skills to interpret their output, to identify, analyze, and address flaws in hardware or software that could allow hackers to attack your IT resources.

Some companies offer bug bounties to encourage ethical hackers to search for vulnerabilities in systems.

After detecting a vulnerability in your system, you can take the affected IT asset offline until a vendor patch is installed, or apply the patch directly if the asset cannot be removed from service.
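A large part of what a vulnerability scanner does in the detection step above is mechanical: compare what is installed against the versions a vendor advisory says are fixed. The following Python is an added example for this article, not the code of any scanner or vendor; the host inventory, package names and advisory identifiers (`ADV-*`) are all constructed. It shows the one detail that trips up naive scripts, which is that version strings must be compared numerically and padded to the same length, so that `1.2.10` is newer than `1.2.9` and `1.2` is not reported as older than `1.2.0`.

```python
from dataclasses import dataclass


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '2.4.10' into (2, 4, 10) so components compare as numbers."""
    return tuple(int(part) for part in text.strip().split("."))


def version_lt(installed: str, fixed_in: str) -> bool:
    """True when installed is strictly older than fixed_in.

    Both tuples are zero-padded to the same length, so '1.2' equals '1.2.0'
    rather than sorting before it.
    """
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


@dataclass(frozen=True)
class Advisory:
    """A vendor advisory: versions of `package` below `fixed_in` are affected."""
    advisory_id: str
    package: str
    fixed_in: str


def scan_inventory(inventory, advisories) -> list[tuple[str, str, str, str]]:
    """Match (host, package, version) rows against advisories.

    Returns one (host, package, installed_version, advisory_id) tuple per
    affected installation, in inventory order, ready to become remediation
    tickets for the patch-or-take-offline step.
    """
    by_package: dict[str, list[Advisory]] = {}
    for adv in advisories:
        by_package.setdefault(adv.package, []).append(adv)

    hits = []
    for host, package, version in inventory:
        for adv in by_package.get(package, []):
            if version_lt(version, adv.fixed_in):
                hits.append((host, package, version, adv.advisory_id))
    return hits


# Constructed sample data: fictional packages, hosts and advisory ids.
SAMPLE_INVENTORY = [
    ("web01", "exampled", "2.4.9"),
    ("web02", "exampled", "2.4.10"),   # already at the fixed version
    ("db01", "sampledb", "1.0.3"),
    ("db01", "exampled", "2.4.1"),
]
SAMPLE_ADVISORIES = [
    Advisory("ADV-0001", "exampled", "2.4.10"),
    Advisory("ADV-0002", "sampledb", "1.1"),
]

if __name__ == "__main__":
    for host, package, version, advisory_id in scan_inventory(SAMPLE_INVENTORY, SAMPLE_ADVISORIES):
        print(f"{host}: {package} {version} is affected by {advisory_id}")
```

A production scanner adds package-manager-specific version semantics (epochs, release suffixes, backported fixes that keep an old version number), which is why matching on version strings alone produces both false positives and false negatives; the comparison above is the baseline those tools refine.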

George Mutune

I am a cyber security professional with a passion for delivering proactive strategies for day-to-day operational challenges. I am excited to be working with leading cyber security teams and professionals on projects that involve machine learning & AI solutions to solve the cyberspace menace and cut through the inefficiency that plagues today's business environments.