Security Vulnerabilities in the Workplace

In today’s advancing technology landscape things are changing so quickly that it is becoming impossible for the uninformed to stay ahead of it. The challenges that people are facing today are unlike any they have encountered in the past. Those who wish to cause harm within our businesses and personal lives are getting smarter and more effective. As such there is no shortage of security in the news lately, and unless you are watching for it you will likely miss some of the major headlines that could impact you or your business.

What sparked this topic was the news of a popular application called CCleaner that was compromised through a back door installed in the tool. CCleaner is a maintenance and file clean up tool run by a subsidiary of the anti-virus company Avast. The infection through the backdoor in CCleaner is said to have affected 2.27 million users. The frightening piece of this is the infection occurred on what many would have considered to have been a safe application to use as it was owned by a security application company.

BlueBorne is another set of vulnerabilities that was recently discovered by a security firm named Armis. The 8 discovered vulnerabilities (Armis indicates there are many more) allow access to devices communicating over Bluetooth. This vulnerability wasn’t just on phones, these exploits were discovered on computers as well as IoT devices which tend to have a lower level of security in general. These discovered vulnerabilities would allow attackers to access networks and to install malicious software. There is good news for some and bad news for others here as Microsoft and Apple have released ways of dealing with the vulnerabilities through deployment of iOS 10 by Apple and a patch released by Microsoft. Android users’ software is spread across many hardware platforms such that the individual manufacturers will be responsible for releasing the fixes. Google seems to be getting ahead of this by releasing some protective patches for September. Fortunately, these vulnerabilities can only affect a device if Bluetooth is turned on, so if you are worried, just make sure you have disabled it for the time being.

The recent security attack is one that most people are aware of at this point, the Equifax breech. This breech was made possible by vulnerabilities in Struts2 components used in creating Java web applications. Sources are saying that approximately 3,000 organizations downloaded the versions of Struts2 that were publicly disclosed as being a potential for exploitation.

People need to be consistent in their consumption of security headlines, and when a new vulnerability is discovered you need to quickly educate yourself on how you can remain protected as much as possible. The reality is that as we edge closer to becoming a fully digital world and marketplace, more and more of the things we interact with on a daily basis are at risk of being compromised.