While a vulnerability may be physical, such as not having a lock screen on a machine, system or device, or by not securing the room it is in, vulnerabilities also occur in a cyber context. Generally, but not always, these refer to software vulnerabilities. A vulnerability scoring system (CVSS) may be found with NIST and it is important to apply software updates to fix these vulnerabilities as they are provided by vendors, and otherwise – for larger organisations – applied under a structured patching regime.
Interconnectedness, however, also presents vulnerability. We rely on being connected to others – whether people or businesses – via the internet. However, this connectedness can represent a first best line of defence or vulnerability. It is important that people are trained and their access controlled. It is also important to ensure that an individual’s or organisation’s ecosystem is similarly implementing its cyber security program. Otherwise, they may that organisation or individual vulnerable.