Hardware vulnerabilities are represented by any exploitable flaws in a computer system that allows intrusion through remote or physical access to system hardware. Any means by which a chip containing an executable code can be inserted in a computer is inherently a hardware vulnerability. When a user installs a software, changes location of files or plugs in flash drives is exposed to potential hardware vulnerabilities. Securing physical access by locking any slots, cabinets and cases housing computer equipment protects the user against this type of vulnerabilities. Another type of hardware vulnerability is an unexpected flaw in operation that allows cyber attackers to gain control of a system by elevating privileges or executing code. These vulnerabilities are not generally exploited through random hacking attempts but more typically in targeted attacks of known high-value systems and organizations.
Failing to patch vulnerabilities leaves an organization’s IT infrastructure at risk. Remote code execution, also known as RCE, is a type of vulnerability that allows cyber attackers to remotely run arbitrary code on vulnerable workstations. Cyber attackers can perform actions to exploit software vulnerabilities. Remote code execution is the most common vulnerability found in software today, and it can lead to other potential attacks. When trying to gain unauthorized access to a system, an intruder usually first conducts a routine scan (or investigation) of the target, collects any “exposed” data and then exploits security policy weaknesses or vulnerabilities. Vulnerabilities and exposures are therefore both important points to check when securing a system against unauthorized access.
Operating systems face escalating security challenges as global connectivity is growing and the number of reported vulnerabilities and incidents is increasing. Such security challenges or vulnerabilities often have a very predictable outcome: data or identity theft. For most operating systems the focus is directed on other functionalities rather than the user’s complete protection, therefore, they allow installation of unsecured computer software with administrator granted permissions that can alter or compromise user’s personal information.
A network vulnerability is a weakness or flaw in software, hardware, or organizational processes, which when compromised by a threat or attack, can result in a security breach. All data security breaches and cyber attacks start when a cyber criminal succeeds in exploiting a vulnerability found in an organisation’s network infrastructure. As a consequence, that network’s poor security creates the opportunity to facilitate remote access, data alteration or even cyber attacker’s full ownership of the network.
The telecommunication industry builds, operates and manages the complex network infrastructure utilized for voice and data transmission. Telecom companies communicate and store large amounts of user or organization’s sensitive data, and, in consequence, they represent a top target for malicious actors. As a result of its interconnected nature, the telecommunication industry’s threats can be divided into two interrelated categories:
- Threats targeting telecom companies directly (DDoS attacks, targeted attacks, network device’s vulnerabilities exploitation and human-related threats like insider access, social engineering and unauthorized third party access to data).
- Threats targeting subscribers of telecom services, particularly users of cellular and Internet services.
Data transfer through unsecured devices, applications or technologies imply, for individual users or organizations, high risks of sharing sensitive information with unauthorized third parties or even providing unwanted access to a computer of significant importance that may be used by external cyber criminals as an initial access point into a company’s network.