Came across this article over on Computer World… In this ever increasing complex world it’s nice to know who your threats are. This type of information feeds nicely right into the “businessy” risk-based approaches to addressing security. You could have the most vulnerable system in the world however if there are no threats that want to attack that system it’s sort of a waste of money to add security to protect it. If you don’t think you have any threats though you’ll probably incorrect. It may be worth taking a look at these general categories to assist in identifying threats that may affect your organization or system.
According to the Computer World article, IT’s nine biggest security threats include:
- Cyber Crime Syndicates
- Small-Time Cons – & the Money Mules/Launders Supporting Them
- Intellectual Property Theft & Corporate Espionage
- Malware Mercenaries
- Botnets as a Service
- All-in-One Malware
- Increasingly Compromised Web
- Cyber Warfare
Years ago the typical hacking scenario involved a lone attacker and maybe some buddies working late at night on Mountain Dew, looking for public-facing IP addresses. When they found one, they enumerated the advertising services (Web server, SQL server, and so on), broke in using a multitude of vulnerabilities, then explored the compromised company to their heart’s content. Often their intent was exploratory. If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.
My, how times have changed.
When describing a typical hacking scenario, these days you must begin well before the hack or even the hacker, with the organization behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, and cyber warfare gone amok.
Do you have other security threats to add to this list? Post your comments below. Today’s post pic is from Computing.co.uk.