Ethical Hacker Community Forums

Ethical Hacking Discussions and Related Certifications => Other => Topic started by: oneeyedcarmen on June 03, 2008, 08:06:32 AM



Title: Top 2008 Security Threats
Post by: oneeyedcarmen on June 03, 2008, 08:06:32 AM
Tim Bass (http://thecepblog.com/) has posted an entry on the (ISC)2 blog (http://blog.isc2.org/isc2_blog/bass/index.html) regarding what he and a few others feel are the top security threats for 2008.

Quote from: Tim Bass
The Top Ten Cybersecurity Threats for 2008 Revisited

Last year I published The Top Ten Cybersecurity Threats for 2008 at The CEP Blog, motivated by a plethora of "top 10 threat lists" that confuse vulnerabilities and threats.  A number of fellow CISSPs and security colleagues on LinkedIn (thank you!) collaborated on the list:

The Top Ten Cybersecurity Threats for 2008

  1. On-line masquerading to abuse, attack, blackmail, bully, extort, or molest others.
  2. Criminal fraud by password and identity theft via phishing, spyware, malware and theft of hardware.
  3. Criminal use of botnets and botnet-like technologies for economic gain, for example email spam and denial of service attacks.
  4. Cyberterrorism, bullying, vandalism and other forms of electronic violence and malfeasance.
  5. Subversion of democratic political processes.
  6. Criminal manipulation and subversion of financial markets.
  7. Spying and theft of data by governments, industry, terrorists and other criminals.
  8. Denial-of-service attacks by criminals and terrorists.
  9. Sabotage, theft and other attacks by disgruntled employees and insiders.
  10. Natural disasters, accidents or errors without malicious intent.

We are getting close to the halfway mark to 2009, so please feel free to comment and collaborate as we revisit and evolve our top ten threat list for next year.

You fine folks have anything to add?


Title: Re: Top 2008 Security Threats
Post by: don on June 03, 2008, 11:15:22 AM
Not sure about #10. It is a risk without a doubt and should be addressed in your disaster recovery plan, but I'm not sure I buy it as a "cybersecurity" threat.

Would #8 fit into #4?

Just my thoughts right off the bat.

Don


Title: Re: Top 2008 Security Threats
Post by: RoleReversal on June 04, 2008, 03:00:52 AM
Don,

Overall I would agree with your analysis of #10 and it should definitely be addressed in a DR plan.

However it is human nature to be more helpful to return full service following a disaster and this can come in the form of reducing security checks to increase speed of operation. If your working environment requires stringent security controls you must ensure that they are enforced at all times to protect against an opportunist strike during a vulnerable moment.

In line with the DR theme, a client of mine recently finished an internal risk assessment. The results suggested that there is a 20% chance of a plane hitting my facility (despite us not being near an airport or under a flight path), think I need to claim danger money ;)


Title: Re: Top 2008 Security Threats
Post by: pjayes on June 05, 2008, 08:21:59 AM
I agree with number one, that is also probably the hardest to defend against. I think number 7 should be a little higher on the list. What threat is the easiest to defend against / the hardest to defend against?

pjayes


Title: Re: Top 2008 Security Threats
Post by: g00d_4sh on June 05, 2008, 02:04:42 PM
I think honestly, Don, he wanted to make it an even 10 things... like "Ten Commandments" and all that. You know... just rolls off the tongue better than the "Eight top security threats" or... "Six" or whatnot. Hence... a little fluff, and perhaps repeating of threat vectors is expected. ;)