Oftentimes people and/or organizations outside the security industry, and sometimes even security professionals mix up the terminology of threat, vulnerability and risk. It is crucial to understand the relationships between threats, vulnerabilities and risks to build effective security policies and keep your organization safe from various cyber and physical attacks.
We want to highlight the differences in definitions of threats, vulnerabilities, and risks within the context of security;
Threat
A threat is anything that has the potential to disrupt or do harm to an organization. Threats can be natural, intentional or unintentional. Natural threats are hazards such as earthquakes, floods and wildfires, which are random in terms of duration and impact. Intentional threats are actions done on purpose like to steal or damage computer resources, equipment, and data. Unintentional threats are attributed to human error, e.g. leaving the door to IT servers unlocked, or leaving the front door of the organization containing sensitive information unmonitored.
Vulnerability
A vulnerability is a weakness or gap in a security system, which can be exploited by threat actors in order to achieve their goals. A vulnerability assessment is a systematic review of weaknesses in a security system and evaluates if the system is susceptible to any known vulnerabilities, it should assign severity levels to those vulnerabilities, and then recommend remediation or mitigation, if and whenever needed. Vulnerabilities show themselves via several avenues:
Current employees: Social interaction, customer interaction, discussing work in public locations, taking data out of the office (e.g phones, laptops), emailing documents and data, installing unauthorized software and apps, opening spam emails, connecting personal devices to office networks, writing down passwords and sensitive data, losing security devices such as ID cards, lack of information security awareness.
Former employees: Those who are working for competitors, retaining company equipment and data, or discussing company matters.
Technology: Social networking, file sharing, saving data on mobile devices such as mobile phones, Internet browsers, computers or other devices.
Partners and suppliers: Disruption of telecom services and utility services such as electric, gas, water, hardware and software failure, lost mail and courier packages, supply disruptions, sharing confidential data with partners and suppliers
Security Systems: Faulty cameras, sensors, or other security devices. Broken or unfollowed security policies or procedures.
While most organizations implement some type of security, hardly any consider the numerous security weaknesses that exist in their current circumstance. You ought to consider physical security, report the weaknesses in your environment, and make business choices about how to keep those weaknesses from compromising the security of your organization.
Risk
A risk is the effect of uncertainty on objectives. It’s usually expressed in terms of risk sources, potential events, their consequences and their likelihood.
A risk assessment is the overall process of risk identification, risk analysis and risk evaluation. Organizations should invest in a risk assessment program to better understand, measure and prepare for risks to their operations. A risk assessment involves evaluating not only the physical site but also how business is done which could create additional threats and vulnerabilities. These assessments offer numerous benefits including;
Helping to identify which parts of your security measures are weak and what security threats face your organization. This enables you to address vulnerabilities and enhance your company’s security.
See if your organization’s security measures meet the requirements put in place by the government / international bodies.
Enable you to have a clear vision of how efficient your security controls are and how you can upgrade them.
Remember, risk does not end once the basic security systems have been put in place. Risk assessments should take place regularly as threats and vulnerabilities are constantly changing and a risk assessment is like a snapshot of the current risk. A well planned risk assessment program will save your organization from undesirable losses.
How to protect your children from online child exploitation during COVID-19
The COVID-19 global lockdown has subjected a large number of youth to online abuse and violence. The screen time of kids has increased to a high level because of the dependence of education on online technology and too much leisure time spent on social media, and gaming. The interaction with these online platforms has increased so much that, during the last six months there has been a noticeablechange in kids’ behaviorsand personality development. In such conditions, the kids belonging to underrepresented communities are subjected to online criticism that has proved to be toxic for their mental health and upbringing.
The sense of exclusion, divide and hate has increased among youthbecause of the absence and scarcity of laws and regulations on social media. This has also largely impacted the psychological and socio-economic risk factors at the individual, family, interpersonal and cultural levels. The increased frustration inside the family systems, negligence and ignorance of parents towards their duty of supervising has made children more vulnerable to Online Child Sexual Exploitation (OCSE) as well.
The lockdown confined families to their homes, so any entertainment has also only taken place at home during this period. Now everyone has a device in their hands, a lot of leisure time, a unique set of ideas to produce content and upload it for the world at no cost. The absence of human content moderators, and reliance upon technology, has allowed predators to upload explicit content on mediums like Youtube, Instagram, TikTok and Facebook. The less reliable automated systems allowed more time for such content to spread on their platforms.
There has been very little check and balance of sexual exploitation content being uploaded, rather many of the platforms’ algorithms encourage kids to bring out such content as it generates lots of likes, comments, and engagement. This is not just sexually exploiting but also becoming a cause of hate speech and exploitation of underrepresented communities. Traffickers have taken advantage of the situation, by making fake accounts and posting fake jobs on them to reach educational websites and apps to get data that they can use to exploit children online.
Few bits of Advice for parents
★ Look out for predators who are trying to trap your child by showing affection and opportunity in online commenting. For example, there are comments like “I love you”, “I can make your life better”, “I’ll make you successful”, and “I’ll protect you” should be an alarming situation for you and point where you need to talk to your child about it.
★ Be aware of Pop-up ads and scam alerts because they can be a source through which you could lose information that you might not feel is important but it is definitely a source of exploitation for predators.
★ Always be aware while giving access to the apps you are using. The permission you give for tracking location can be used against your child.
★ Emojis that are mostly used by youngsters can be an opportunity for predators as they can transfer information through emoji without being detected by scanners and moderators.
What should Parents do?
★ Be aware of what your kids are doing on social media. Take note of whom they are interacting with. You can always check their screen time on each app to track down the potential predators.
★ Educate your kids about the harms of excessive use of social media and depending on its information. Talk to your kids and converse with them the possible ways of protection from dangerous intentions of strangers. Let them come to their conclusions under your guidance.
★ Look for other interesting engagements and plays for your children to reduce their screen time. Bring them towards healthy activities organically.
★ Make sure that privacy settings and firewall software turned on to their maximum level on all the devices and apps they are using. Keep the check of age ratings of games, apps, films, and social networks to know if those are suitable for your kid’s age or not.
★ Use trusted monitoring technology such as Barkto keep your child protected.
★ Take precautionary measures while handing over the device to your kid. Supervise them while they browse information.
About Protect Us Kids Foundation (PUK)
Protect Us Kids Foundation is a non-profit that focuses on providing resources for youth within rural, underserved and marginalized populations globally; to include the development of critical targeted research of Online Child Sexual Exploitation (OCSE). Our goal is to not only bridge the digital divide by providing resources to protect youth online, but also leverage cyber research, intelligence, and analysis in an effort to provide relevant and impactful awareness that remains culturally sensitive to the global communities that we serve.
It’s not too late to register for our free online training for parents on keeping children safe while online. Join us tomorrow at 3pm Kenya time with Protect us kids and Shehacks as Ladyaskari moderates a thoughtful discussion. https://zoom.us/webinar/register/WN_mVEosuvlTFuc4ciMzQ9YUw
Free Training On Keeping Children Safe While Online
Are you an experienced Control Room Operator interested in working for an innovative, lady focussed security company? If so, then Lady Askari is looking for you. If you are based in Nairobi or Kisumu, Kenya, and are looking for a new challenge submit your cover letter and CV to HR@ladyaskari.com. Ladies are strongly encouraged to apply.
Only shortlisted candidates will be contacted for a virtual interview. The start date is in June 2020
