Posted: September 9th, 2022
Vulnerabilities and Risks in IT
Introduction
The use of information systems and technologies has globally been associated with particular types of risks and vulnerabilities (Igried, 2019, 1). This is despite the growing importance of automated information systems in organizations’ operations, as they move the entities towards more significant benefits. Therefore, it has become the mandate of all organizations to work on protecting their systems from the risks and vulnerabilities under the aspect of Risk Management. Through efficient risk management, an organization will understand the risks and vulnerabilities its systems are exposed to and then utilize the company’s resources to implement the protective measures for the threats.
Notably, risk management is, at times, not a trivial task considering different entities are working with tight budgets. Conversely, IT security can be a costly function. Therefore, it takes an extensive risk analysis and formulation of a feasible plan for the entity to ensure that the company’s systems are protected with optimal use of available resources (Poolsappasit, 2010). In security protection, a feasible plan will be one that has complied with ISO 27000 standards. ISO 27000 comprises six parts that provide guidelines for certification, meeting security requirements, and accrediting the institutions. The utilization of the recommendations not only improves the company’s reputation for reaching international standards but also enhances its security. Therefore, the organizational stakeholders are also assured that the information is secure.
Research Background
IT Systems’ Vulnerabilities and Associated Risks
As indicated earlier, dealing with IT systems’ vulnerabilities begins with knowing these threats to both the hardware and software. The vulnerabilities are the weaknesses of the systems, either in the procedures, design, or implementation, which an attacker may exploit for malicious purposes. The vulnerabilities associated with hardware focus on the physical aspect of the computers. The vulnerabilities could be as simple as an addition, change or removal of devices, interception of traffic, or flooding it with traffic (Pfleeger and Pfleeger, 2007, 13). These simple disruptions could utilize having designers in place. However, attacks on the hardware could also be physical, that is, damage by physical elements such as water, electrocution, food, and fire, among others. These attacks may be accidental, but some of them are intentional. One example is the “voluntary machine slaughter”, in which an individual intentionally harms the computer hardware or software (Pfleeger and Pfleeger, 2007, 14). Regardless of whether the attacks are deliberate or not, all the vulnerabilities will require proper physical security systems for the complete protection of the machines.
In terms of software, its vulnerabilities encompass the flaws existing within the software system that cause it to act abnormally and allow it to be exploited by a malicious attacker. Improper processes, poor designs, and programming errors are all root causes of software vulnerabilities in computer systems (Ahmad et al., 2013). The vulnerabilities can be categorized into three: software deletion, software modification, and software theft. Software deletion is typically prevented through configuration management, which also protects from its destruction or accidental replacement. However, the removal of software can quickly be done, which will cause the loss and damage of relevant information, especially where there are no proper backup systems (Pfleeger and Pfleeger, 2007, 14). Modification of software entails having the software fail or perform unintended functions.
The software can be modified to allow particular conditions to be met, which will enable the exploitation of the systems by malicious attackers. Other modifications will allow even a user who was previously not permitted to gain access to particular information. Trojan horses, viruses, trapdoors, leaks, and malware are different modifications that could be introduced with malicious intent (Pfleeger and Pfleeger, 2007, 15). Failure to have proper protection and control of the systems can easily allow the quick breach of software security.
The vulnerabilities of IT systems are extensive, which demonstrates that they pose higher risks to the systems. The risks associated with the systems are typically the potential losses or damages incurred in case the vulnerabilities are exploited (Watts, 2020). These risks include financial losses, infringement of one’s privacy and confidentiality, reputational damages, legal implications, and the loss of life. A risk management plan is essential since it will ensure the organization understands its vulnerabilities and the potential threats in conjunction with the associated risks. This will lead to the formulation and implementation of risk mitigation measures in consideration of urgency and the severity of the damages in case the vulnerabilities are exploited (Watts, 2020).
Fortunately, current organizations can utilize the ISO 31000, Risk Management-Guidelines in the formulation of their risk management processes (International Organization for Standardization, 2020). These are principles, frameworks, and procedures to be followed by organizations in managing risks regardless of industry, size, or operations. The structure also helps the institutions achieve their objectives as they guide in identifying opportunities and threats, leading to an effective allocation and utilization of resources for proper handling. It is essential to note that ISO 31000 cannot be utilized for certification but can act as guidelines for the internal and external audit programs.
Research problem
Despite the extensive available information on the different vulnerabilities and associated risks to information systems, most UAE organizations have been found not to take information security with utmost care. According to the Threat Landscape Report (2019) by DarkMatter, a UAE-based cybersecurity firm, businesses in the UAE are running outdated software, increasing the threats of economic espionage from potential hacking companies. Apart from unsupported or obsolete software, other security weaknesses, such as unpatched vulnerabilities, are providing cyberattackers with easy access and exploitation of company assets (Chapman, 2019). While the report fails to indicate the number of organizations that are included in the analysis, it provides a general overview of the information security aspect in UAE organizations. This is unfortunate considering the UAE has a growing prominence in becoming a digital ecosystem, and thus, there is an expectation of having cybersecurity measures.
According to Wade (2019), the UAE is experiencing multiple cyber threats; hence an effective cybersecurity program is essential for the vital business environment. Notably, these effective programs are determined by how they address the issues related to digital business, risk management, and compliance challenges. The directors of UAE companies are the first parties to be held personally liable in case of any losses and damages from IT vulnerabilities and threats. The malware attacks that many UAE organizations face are caused by employees who inappropriately use the systems or share information through mobile devices. This increases their vulnerability to cyber attackers. Global factors also determine the security of these firms’ IT systems because an increase in global cyber incidents affects global and national economies significantly. Cybersecurity is affected by numerous factors in the UAE as it is in other countries.
Sebugwaawo (2019) indicates that the increase in cyberattacks demonstrates the need for awareness of IT security issues. UAE organizations need both the skills and knowledge to address the vulnerabilities and risks associated with their IT systems. There is a need to understand how the UAE government is working towards handling hardware and software vulnerabilities. Furthermore, it is essential to understand their risk management procedures and the implementation of measures to protect against the various vulnerabilities. The need to look at these challenges from the government’s side is because they act as role models in multiple issues. If they choose to take Information Security seriously by ensuring their systems have adhered to the formulated regulatory frameworks, then other organizations will put extra efforts to protect themselves as they uphold the rule of law.
An understanding of the current status of IT security in the UAE government and the country in general will allow the research to recommend measures that could be implemented to achieve higher security levels and mitigate any associated risks. These recommendations will consider the evolving nature of the technology world and ensure that they are up to date enough to be adopted in current organizations for sustainable security.
Research Question
The central question of this research is: “How are the UAE Government and Respective Companies Handling the Various IT Risks and Vulnerabilities to Their IT Systems?” In answering this question, the research will look into:
1. What are the Current IT Vulnerabilities and Risks Facing the IT Systems in the UAE Government and Companies?
2. What Regulatory Frameworks have been implemented by the UAE Government to ensure IT security is upheld?
3. What Major Cybersecurity attacks have recently occurred in the UAE and caused significant damages and losses?
4. What are the Current Measures Implemented in Dealing with the IT Vulnerabilities and Risks?
Research Objective
The primary objective of this research is to understand the perspective of cybersecurity in the UAE and come up with better measures to improve security levels.
References
Ahmad, N.H., Aljunid, S.A. and Ab Manan, J.L., 2013. Vulnerabilities And Exploitation In The Computer System–Past, Present, And Future.
Chapman, C., 2019. Most UAE enterprises are vulnerable to cyber-attacks. Retrieved from https://portswigger.net/daily-swig/most-uae-enterprises-are-vulnerable-to-cyber-attacks
Igried, A.K.B., 2019. Risk and Vulnerability Analyses for the protection of Information for Future communication security Based Neural Networks* Al-Khawaldeh Igried Al-Smadi Takialddin. Journal of Advanced Sciences and Engineering Technologies, 2(1), pp.1-20.
International Organization for Standardization, 2020. ISO 31000 — Risk management. Retrieved from https://www.iso.org/iso-31000-risk-management.html
Poolsappasit, N., 2010. Towards an efficient vulnerability analysis methodology for better security risk management (Doctoral dissertation, Colorado State University).
Pfleeger, C.P. and Pfleeger, S.L., 2012. Analyzing computer security: a threat/vulnerability/countermeasure approach. Prentice Hall Professional.
Sebugwaawo, I. (2019, May 1). Cyberattacks are increasing in UAE, study says. Retrieved from https://www.khaleejtimes.com/business/local/cyberattacks-increase-in-uae
Wade, G. (2019, November 8). UAE: Cybersecurity regulations and their impacts. Retrieved from https://www.dataguidance.com/opinion/uae-cybersecurity-regulations-and-their-impacts
Watts, S. (2020). IT security vulnerability vs. threat vs. risk: What are the differences? Retrieved from https://www.bmc.com/blogs/security-vulnerability-vs-threat-vs-risk-whats-difference/