Unit.2 | Cybersecurity
Learning Unit | Cybersecurity

Systemic Vulnerabilities in Cybersecurity

Chapter 02/04

Systemic Vulnerabilities in Cybersecurity

  1. Common Vulnerabilities
  2. Changes You Can Make


Discover how large organizations like businesses and governments are uniquely vulnerable to cybersecurity threats. Learn about common systemic vulnerabilities such as old infrastructure, insufficient investment and spotty laws.

Key Terms:

  • Cybersecurity
  • Vulnerability
  • Ransomware
  • Antivirus software
  • Two-factor authentication

Cybersecurity can be focused on protecting individuals from hackers—like making sure your microwave isn’t being used as a listening device. But it’s also about protecting big organizations, like businesses, state and local governments, and the military.

These organizations are prime targets for hackers because their large information systems contain so much data. Over the past five years, the five most cyberattacked sectors were health care, manufacturing, finance, government and transportation. Imagine how an attack on a city’s transportation system could cause mass panic and incapacitate the population. It’s a huge challenge because there are so many ways attackers can gain access to a system.

Business and government leaders need to take cybersecurity seriously by making it a priority. However, many are slow to realize this. A PricewaterhouseCoopers survey of 3,000 business leaders from more than 80 countries found that fewer than half were prepared for a cyberattack.

An illustration of pixelated chains.

Common Vulnerabilities

Here are the top five vulnerabilities that leave large systems are vulnerable to hacks.

Old Infrastructure

Water, power and electric grids were built on old infrastructure, and retrofitting old systems with new information and communications technology leaves them vulnerable to terrorism and cyberattacks. It happened to Ukraine in 2015, when a cyberattack on the power grid left almost 250,000 people without electricity. Cybersecurity experts say that the people who manage our infrastructure systems need to plan for cybersecurity under the assumption that an incident will happen—not that it might.

A city being lit via its protected power grid.

This will enable them to build resilient systems and create effective incident responses. They can do this by investing in cybersecurity talent, forming a cyber incident response team and shifting the organization’s mindset toward a focus on prevention.

Insufficient Investment

Cybersecurity budgets must cover an analysis of current, emerging and future vulnerabilities, plus money for the resources needed to counter those threats. When people don’t see the value in cybersecurity, they tend to avoid add-on investments, but cybercrimes have more repercussions than ever before.

To improve cybersecurity, companies need to spend more than they have in the past and invest in the process over the long term. After all, they’ll end up spending money anyway if an attack occurs. Researchers predict that ransomware damages could cost more than $11 billion in 2019. Meanwhile, the prices for hacker toolkits start as low as $1.

Spotty Laws

The U.S. has a few data-breach laws, but they’re poorly enforced and differ from state to state. Complicating matters, cybercrimes go vastly underreported because companies fear harming their reputation and assume law enforcement can’t help.

Cybercrimes go vastly underreported because companies fear harming their reputation and assume law enforcement can’t help.

Industries like health care and financial technology have led the push to introduce cybersecurity laws. In 2019, 45 states and Puerto Rico introduced 260 cybersecurity bills or resolutions focused on improving government security, addressing security for the internet of things, creating cybersecurity task forces and more. Because there are few federal cybersecurity laws, the CompTIA Advocacy team helps companies better understand their responsibilities across state lines.

The exterior of a courthouse.

Lack of Awareness

Being unaware of a problem doesn’t prevent it from happening. A lack of awareness gives potential hackers an even bigger window through which to enter. As a nation, the United States is known for having the best physical defenses in the world, but executives and government leaders struggle to wrap their heads around the huge risks they’re taking by not employing the right kinds of cybersecurity. More awareness, support and funding are needed to respond to and recover from cyber warfare.

Shortage of Skilled Workers

Tech security used to involve just hardware, with antivirus software installed on people’s computers. Now cybersecurity is its own discipline, and people get paid big money to secure networks and protect private information. Cybersecurity experts have to think like hackers and imagine vulnerabilities before anyone else can. They work like detectives getting into the minds of criminals.

A cybersecurity officer at work.

Careers in Cybersecurity

Learn More

To protect ourselves, we need more skilled workers. There’s a big need for cybersecurity experts, with jobs available in every state. Through classes, certifications and experience, you can start on a path to cybersecurity. To understand how well companies will pay for this kind of expertise, consider this: The national median salary for someone with the CompTIA CyberSecurity Analyst certification is $74,952.

Changes You Can Make

To protect your digital information, start by installing two-factor verification on your accounts.

Organizational leaders may be slow on the cybersecurity uptake, but you don’t have to be. To protect your digital information, start by installing two-factor verification on your accounts. This means that in addition to a password, you’ll enter a code—either texted to your phone or available through Google Authenticator—to access your accounts. It’s a small step that guarantees a higher level of security.

You should also change your passwords every 90 days. This can be confusing, but a regularly renewed password protects you if your information ever gets out as part of a larger attack.

And pay attention to the steps taken by your local governments and the businesses you patronize to protect themselves from security threats. If you think they could be doing more to prioritize cybersecurity, let them know. It’s your information and safety at stake.

Next Section

How a Hack Happens

Chapter 03 of 04

Learn more about how hacks occur. Explore hacker motivations and the techniques hackers use to steal your data.