Report on Software Vulnerabilities in the financial industry
1. StudentID:101015275
1
To: Jeffrey Lubetsky
From: Chandrak Trivedi, 101015275, Part 2
Date: 9th December 2015
RE: COMP4044 Briefing on Software vulnerabilities - unpatched devices.
As requested, I have completed my report on Software vulnerabilities - unpatched devices in
the E-Commerce Industry.
INTRODUCTION
The increase in reported software vulnerabilities has been staggering, especially in the past few years. Automated attacks are successfully exploiting such software vulnerabilities, as increasingly sophisticated hacking tools become more readily available and easier to use. By exploiting software vulnerabilities, hackers and others who spread malicious code can cause significant damage, ranging from Web site defacement to taking control of entire systems, and thereby being able to read, modify, or delete sensitive information, destroy systems, disrupt operations, or launch attacks against other organizations' systems. The growing number of known vulnerabilities increases the number of potential attacks available to the hacker community. As vulnerabilities are discovered, attackers may attempt to exploit them. Attacks can be launched against specific targets or widely distributed through viruses and worms.
According to CERT/CC, about 95% of all network intrusions could be avoided by keeping systems up to date with appropriate patches; however, such patches are often not quickly or correctly applied. Maintaining current patches is becoming more difficult, as the length of time between the awareness of a vulnerability and the introduction of an exploit is shrinking.
IMPACT
Successful attacks on unpatched software vulnerabilities will cause billions of dollars in damage and can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
Temporary or permanent loss of sensitive or proprietary information,
Loss of services to the public,
Disruption to regular operations,
Financial losses relating to restoring systems and files, and
Potential harm to an organization's reputation.
The technology impact is that worms and viruses entering our network can be used to launch denial-of-service attacks, which generally flood targeted networks and systems with so much data that regular traffic is either slowed or completely interrupted. This would affect our revenue and leave users without service, which directly harms the organization's reputation.
The impact on people is that their personal systems can be infected with malware and viruses through our vulnerabilities, and attackers can then access their sensitive data, take control of their systems, or even crash them.
The privacy impact is unauthorized access to, or denial of access to, customer information and the organization's confidential data.
RECOMMENDATION
Patch Management: A Critical Process for Mitigating Cyber Vulnerabilities.
Standardized patch management policies, procedures, and tools.
Dedicated resources and clearly assigned responsibilities.
Current technology inventory.
Identification of relevant vulnerabilities and patches.
Risk assessment.
Testing.
Distributing patches.
Monitoring through network and host vulnerability scanning.
Additional steps include deploying other technologies, such as antivirus software, firewalls, and other network security tools, to provide additional defences against attacks.
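As an added worked example, not part of the original report, the following Python script carries out the inventory, identification-of-relevant-patches and risk-assessment steps of the patch management process above. The inventory entries, product names, version numbers, advisory IDs and the doubling of risk for internet-facing hosts are all constructed assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass
class Asset:                  # one entry in the current technology inventory
    host: str
    product: str
    version: str
    internet_facing: bool

@dataclass
class Advisory:               # vendor advisory: first fixed version plus CVSS score
    advisory_id: str          # placeholder IDs below, not real advisories
    product: str
    fixed_in: str
    cvss: float               # 0.0 to 10.0

def parse_version(v):
    # "2.4.9" -> (2, 4, 9); tuples compare component by component, so "2.4.10" > "2.4.9"
    return tuple(int(part) for part in v.split("."))

def is_vulnerable(asset, adv):
    # A patch is relevant only if the product matches and the installed version predates the fix
    return asset.product == adv.product and parse_version(asset.version) < parse_version(adv.fixed_in)

def risk_score(asset, adv):
    # Assumed weighting: internet-facing hosts count double, as automated attacks reach them first
    return adv.cvss * (2.0 if asset.internet_facing else 1.0)

def patch_plan(inventory, advisories):
    # Identify the relevant patch for each asset and rank the work by risk, highest first
    plan = [{"host": a.host, "product": a.product, "installed": a.version, "patch_to": adv.fixed_in,
             "advisory": adv.advisory_id, "risk": risk_score(a, adv)}
            for a in inventory for adv in advisories if is_vulnerable(a, adv)]
    return sorted(plan, key=lambda item: item["risk"], reverse=True)

# Constructed inventory and advisories, for illustration only
INVENTORY = [
    Asset("web-01", "webserver", "2.4.9", True),
    Asset("web-02", "webserver", "2.4.12", True),
    Asset("db-01", "dbms", "5.6.20", False),
    Asset("pos-01", "webserver", "2.4.9", False),
]
ADVISORIES = [
    Advisory("ADV-0001", "webserver", "2.4.12", 7.5),
    Advisory("ADV-0002", "dbms", "5.6.22", 9.0),
]

if __name__ == "__main__":
    for item in patch_plan(INVENTORY, ADVISORIES):
        print(f"{item['host']}: {item['product']} {item['installed']} -> {item['patch_to']} ({item['advisory']}, risk {item['risk']})")
```

The ranked plan is the input to the testing and distribution steps; re-running it after a vulnerability scan refreshes the inventory shows which hosts remain unpatched.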
SOURCES
http://www.gao.gov/new.items/d031138t.pdf
http://www.cio.com/article/2872517/data-breach/6-biggest-business-security-risks-and-how-you-can-fight-back.html
https://www.us-cert.gov/ncas/alerts/TA15-119A
https://www.opswat.com/blog/unpatched-software-vulnerabilities-growing-problem
https://www.f-secure.com/en/web/press_global/news-clippings/-/journal_content/56/1075444/1346675?p_p_auth=ViFbkz5z
http://www.pcworld.com/article/172082/Unpatched_Applications_Are_1_Cyber_Security_Risk.html