Weaknesses and Vulnerabilities: Why They Should Not Be Ignored
13/04/2021

Are vulnerabilities only limited to IT, or do they also have something to do with us? And when do we have to counter them and, above all, how?

“What are your weaknesses?” is a frequently asked question in job interviews. Hopefully, there is no one who still answers, “I have no weaknesses.” Because the truth is, everyone has weaknesses. It’s just that it’s still difficult to come to terms with them, because they are unfortunately very often associated with deficiency or even inferiority. Weaknesses have a rather negative connotation largely because they confront us with fallibility.

In times of social media and the increasing urge for quick success, applause, and the competition for likes or followers, it is not surprising that this is difficult. And, it’s not only in social networks that people strive for the greatest possible perfection but in almost every area. Supermodels today are younger than ever, skinnier than ever; figure skaters today jump more quadruples than ever; ballet dancers are more technically perfect and flexible than ever; and more young people today tend to achieve a university degree than in their parents’ generation.

This list could be continued almost endlessly. Higher, faster, further is more pronounced today than ever before. There is no room for weakness. You have to play along, belong, be part of those who are without flaw.

That’s why it seems especially important to ignore one’s own weaknesses as much as possible and even to hide them.

Open and honest in dealing with one’s own “shortcomings”

We don’t have many problems seeing the weak points of others; we usually recognize them pretty quickly. However, we are less receptive to our own shortcomings. It’s much easier for us to discuss the shortcomings of others at length with friends or colleagues after work. Self-reflection, however, is taboo.

Under certain circumstances, this can have negative consequences. If you don’t deal with your weaknesses honestly and seriously, this can easily lead to overestimating yourself. Mistakes can result from this, and one may deliver work results that are by far not as good as one might assume.

Plus, certainly no employer wants to hear in an interview that the applicant has no weaknesses.

An open and honest approach to one’s own “shortcomings” is recommended, because these exist in all of us. Many decision-makers in HR departments probably see it that way, too, because only those who actually know their weaknesses can work on them, exploit existing potential, and even discover new ones.

In doing so, honestly answering questions such as “What tasks do you particularly enjoy?”, “What do you regularly have problems with and have to make a special effort at?”, or “What do others often ask you for your advice or help with?” could be a helpful step towards a realistic self-assessment.

Self- vs. external perception

After a ruthless and unconditionally honest self-assessment, another important step would be to interview someone from your private or professional environment:
What strengths and weaknesses does someone else see in you?

Now that you have interviewed both yourself and others, you should compare the self-assessment and the assessment by others; then, honestly reflect on the results.

In doing so, it is important to remember that weaknesses are fundamentally relative. What you consider a personal weakness may even be a strength for other people. The truth usually lies in the middle.

Accept and (or) change

Actually, identified weaknesses should be accepted for what they are — human flaws that everyone has and that need to be accepted. Perfectly normal, in other words. Weaknesses are no reason to make oneself look bad. We are not perfect, and we have to be aware of that.

Weaknesses are natural simply because we are human beings. In principle, this cannot be changed, and in many cases weaknesses do not need to be counteracted. It is a fact that man is afflicted with weaknesses, makes mistakes. And, that is good.

Of course, this does not mean that one cannot or should not work on weaknesses. On the contrary. Life is a continuous learning process and working against weaknesses is an important part of that. As we talk about weaknesses or vulnerabilities, such as a lack of expertise or behaviors that do not lead to the desired results and that have negative effects in professional or private situations, we know that this is important.

A good weakness is better than a bad strength.
Charles Aznavour

Regarding the weaknesses where it makes sense to think about change, it is important to be aware that we will always be “flawed” anyway. That is what makes us human beings. It is not for nothing that when people talk about automation in companies today, they say “human risk factor.”

This is, in fact, one of the important reasons for the digitalization of business processes: workflows are less prone to errors when people no longer have to intervene manually to such an extent.

Vulnerabilities in IT

This train of thought brings us to another perspective, or rather to the area that certainly comes to mind first for many when we think of vulnerabilities: IT.

In IT, a vulnerability is a security gap in the programming or coding of software through which malicious code can get into individual computers or even entire systems.

With IT vulnerabilities, as with weaknesses in humans, there is no debate about whether they are part of software, or whether they occur just as normally in other software.

Vulnerabilities in IT usually represent a threat that cannot be dealt with by patching alone. Patching is important, but there is no way around complex vulnerability management.

Why?

  • System dependencies often do not allow an up-to-date patch.
  • Not every vulnerability has a patch.
  • Misconfigurations cause vulnerabilities even with current software versions.

Today, companies are regularly attacked by cybercriminals and usually suffer long-term damage, with an upward trend. We live in turbulent, constantly changing times. The world is networked and digitization is advancing.

We experienced this very clearly in 2020 when more and more people moved their workplace to a home office. They moved from a network managed by IT professionals to a workplace with no corporate firewalls and possibly no professional antivirus programs protecting them. This situation has been a meal ticket for cybercriminals and poses major challenges for IT departments.

Vulnerability management is essential

This makes effective vulnerability management all the more important for companies today. This is the best option for reducing vulnerabilities and minimizing security incidents.

Vulnerability management deals with security-relevant weaknesses in IT systems. It is an ongoing process aimed at identifying vulnerabilities in the IT infrastructure, assessing their severity and providing a list of steps to be taken to eliminate vulnerabilities. The aim is to eliminate vulnerabilities, but also to make the company less at risk for attacks in the future and to minimize critical security incidents.

IT security is always a complex series of processes. Vulnerability management plays a significant role in this and is the foundation, so to speak. Measures can only be developed and deployed effectively if vulnerabilities are known.

Interestingly enough, here is the parallel: As with identification of vulnerabilities in our IT departments, only people who actually know their weaknesses can work on them, exploit existing potential and even discover new areas for growth.

Vulnerability management involves transferring the knowledge gained into a work process whose goal is to close the vulnerabilities.

The following questions need to be addressed:

  • Who receives what information about discovered vulnerabilities at what time?
  • Who is responsible for what?
  • What are the possible courses of action?

Tools are essential

Tools are of great importance for optimal vulnerability management, as they are for many areas in today’s working world.

Modern tools must monitor a complex, constantly changing IT environment and respond within the shortest possible time when problems are detected. Today, they work in a fully automated way and scan the IT environment continuously.

Contemporary vulnerability management programs also offer much more than simple scanning and remediation. They also help automate and orchestrate critical tasks and accelerate the prioritization and remediation of vulnerabilities or, if necessary, disconnect systems from the network.

Where does vulnerability management come into play?

Software manufacturers

For manufacturers, of course, vulnerability management primarily means quality control.

Software manufacturers systematically search for vulnerabilities in their software, and they do this in a variety of ways: for example, through code analysis, black and white box tests, and penetration tests. In addition, they receive reports on potential vulnerabilities from external parties, such as customers or security researchers. These reports are evaluated in the light of the company’s own findings, a workaround is defined if necessary, and the vulnerability is then remediated.

This usually leads to a security patch, often combined with a security announcement and possibly the issuance / application of a CVE ID.

Security Teams

Security teams receive reports of vulnerabilities from, e.g., BSI, software vendors, MITRE or other channels.

Incoming reports are checked for their relevance, and their criticality for the infrastructure is determined. This usually results in an advisory for the downstream IT departments with the request to patch systems. In some cases, advisories may also contain deadlines.

Checking the implementation of the advisories can also be part of the overall process. This sub-process can also be performed regularly to check the patch status of systems. Often the procedure is divided into the following 4 steps:

  • Definition of target state
  • Identification of deviations
  • Remediation
  • Reporting/reassessment
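
The four steps above applied to a small inventory, as an added example that is not part of the original article; it also covers the earlier points that not every vulnerability has a patch and that misconfigurations count as deviations. Package names, setting names, versions, hosts and dates are constructed for illustration, and step 3 (remediation) appears as the action assigned to each deviation.

```python
from collections import Counter
from datetime import date

# Step 1: target state (constructed values; package and setting names are hypothetical).
TARGET = {
    "min_versions": {"examplelib": "2.4.0", "webd": "1.9.2"},
    "no_patch": {"legacyd": "disable the service"},   # no vendor patch: workaround only
    "settings": {"remote_root_login": "no"},          # misconfiguration check
    "deadline": date(2024, 3, 1),                     # deadline taken from the advisory
}

# Constructed inventory, as a scanner or CMDB export might provide it.
INVENTORY = [
    {"host": "app01", "packages": {"examplelib": "2.4.1", "webd": "1.9.0"},
     "settings": {"remote_root_login": "no"}},
    {"host": "app02", "packages": {"examplelib": "2.3.9", "legacyd": "0.7"},
     "settings": {"remote_root_login": "yes"}},
    {"host": "db01", "packages": {"examplelib": "2.10.0"}, "settings": {}},
]

def parse_version(text):
    # Compare numerically: as strings, "2.10.0" would sort below "2.4.0".
    return tuple(int(part) for part in text.split("."))

def find_deviations(inventory, target):
    """Step 2: (host, item, action, detail) per deviation; a missing setting counts."""
    found = []
    for host in inventory:
        for pkg, installed in host["packages"].items():
            minimum = target["min_versions"].get(pkg)
            if pkg in target["no_patch"]:
                found.append((host["host"], pkg, "workaround", target["no_patch"][pkg]))
            elif minimum and parse_version(installed) < parse_version(minimum):
                found.append((host["host"], pkg, "patch", f"upgrade to >= {minimum}"))
        for key, wanted in target["settings"].items():
            if host["settings"].get(key) != wanted:
                found.append((host["host"], key, "reconfigure", f"set to {wanted}"))
    return found

def summarize(deviations, target, today):
    """Step 4: figures for the report; rerun after remediation to reassess."""
    return {
        "open": len(deviations),
        "by_action": dict(Counter(d[2] for d in deviations)),
        "overdue": bool(deviations) and today > target["deadline"],
    }

if __name__ == "__main__":
    print(summarize(find_deviations(INVENTORY, TARGET), TARGET, date(2024, 3, 5)))
```

Rerunning `find_deviations` against a fresh inventory after remediation is the reassessment; an empty result means the target state has been reached.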

Vulnerability management is also a component of optimal ITSM. This is usually triggered by an advisory or a message from the manufacturer. The ITIL areas affected are Configuration Management, Incident Management, Change Management, and Governance.

IT security teams today should inform themselves about the possibilities of using tools such as SOAR software like STORM powered by OTRS and weigh which software is most suitable for their requirements. Especially with a sensitive topic like IT security, professional support counts significantly.

As you can see, there are many parallels when it comes to weaknesses or vulnerabilities, no matter which area you are talking about, even if with different characteristics or priorities.

Do not look away when it comes to weaknesses or vulnerabilities

Vulnerabilities should never be ignored. It is always worthwhile to identify them, assess them and then do something to eliminate them.

As we discussed, this is not necessarily the case with humans, but it is, for the most part, with IT. There, unlike with people, vulnerabilities very often mean an existential threat.

In any case, looking the other way is not an option when it comes to weaknesses or vulnerabilities.

In most cases, we personally can achieve significant improvement in our work or life situation through “weak point management,” even if it is only the realization that our weaknesses are completely normal and do not require any action.

In the case of companies, properly functioning vulnerability management often even means avoiding long-term massive damage, up to and including the destruction of their existence.

Take weaknesses seriously and deal with them: It can only make you stronger.

Photos: Simon Berger via Pexels