The Types of Vulnerability

Bad actors will typically target 3 principal types of vulnerability. Understanding these will help you manage risk and identify the actions you can take to mitigate it.

1. Flaw
A flaw is an unintended vulnerability. Flaws can be the result of implementation, can go undetected for a prolonged period, and are often difficult to remedy.

2. Feature
A feature is intended functionality that can be misused by an attacker to breach a system. Features may improve the user’s experience, help diagnose problems or improve management, but they can also be exploited by an attacker.

JavaScript, widely used in dynamic web content, continues to be used by attackers. Its uses include diverting the user’s browser to a malicious website, silently downloading malware, and hiding malicious code so that it passes through basic web filtering.

3. User or Employee
A computer or system that has been carefully designed and implemented can minimise the vulnerabilities that come with exposure to the Internet. Unfortunately, such efforts can be easily undone.

Users can be a significant source of vulnerabilities. They make mistakes such as using common or easily guessed passwords, or leaving their laptop or mobile phone unattended. Even the most cyber-aware users can be fooled into giving away their password, installing malware, or divulging information that may be useful to an attacker (such as who holds a particular role within an organisation, and their schedule). These details would allow an attacker to target and time an attack appropriately.