Part 1, Hikvision Senior Director of Cybersecurity on Vulnerabilities: What are Cyber Vulnerabilities?
Hikvision senior director of cybersecurity, Chuck Davis, has covered a wide range of cybersecurity topics in recent HikWire blogs, including a recent two-part blog on vishing scams. Today, Hikvision’s Davis will cover the basics about cyber vulnerabilities.
“Vulnerabilities are a topic that I speak about frequently and that is often misunderstood. I thought it would make for an easy and informative blog, explaining vulnerabilities at a level where the average computer user can understand the topic,” said Davis.
We’ll start with what vulnerabilities are.
What are Vulnerabilities?
The formal definition of a vulnerability can be found here. To put it in layman’s terms, a vulnerability is a weakness in software that, when exploited, can give an attacker the means to do something malicious or unauthorized. While a vulnerability in the context of this article is a weakness in software, it is similar to vulnerabilities in the physical world as well.
Do you remember the Kryptonite bicycle lock? The Kryptonite lock was synonymous with strength. The steel tube was much stronger than traditional chain locks and easier to use and store. However, in 2004 someone figured out that these tough locks could easily be hacked with the innards of a cheap ballpoint pen. There were other instances of similar bicycle locks being opened with canned air and a hammer.
It’s unlikely that bike lock manufacturers purposely placed a “backdoor” in their products so they could be hacked by pens and cans of compressed air. Creative thieves discovered these tricks so they could steal bikes. The same thing happens with software, and there are people making millions of dollars a year just by finding vulnerabilities.
Why Should You Care About Vulnerabilities?
Let’s start with your smartphone and home computers. As you probably know, Apple, Microsoft and Google create software updates every month for those devices. Some of those updates add new features but many of them are bug fixes or patches for vulnerabilities. These devices get updates automatically so you don’t have to think much about it beyond your computer or mobile device forcing you to reboot. There are generally three categories of software that the average person uses and each can have vulnerabilities:
- Operating Systems: All major operating systems, including Windows, macOS, Linux, iOS, and Android get automatic updates.
- Software Applications/Apps: Apps in the iOS and Android app stores also get automatic updates from the vendor. However, just because an app is in the app store doesn’t mean that the software developer is supporting and updating it, so be careful what you install. Software that you install on your computer, like Adobe’s Photoshop, Microsoft Office, finance or tax software, and even games, may or may not come with automatic updates. And the more software you install, the more likely you are to have vulnerabilities.
- Firmware: Some systems on your network will have the operating system and software all bundled up into one package called firmware. Firmware is mostly found on Internet of Things (IoT) devices like a smart doorbell or smart light bulb. When these are updated, the whole package of operating system and software is replaced by the new, patched version.
Automatic updates are an essential part of good security hygiene to keep your systems and network secure.
Visit the HikWire blog tomorrow to learn more from Hikvision’s Davis about vulnerabilities and protecting yourself.