Top 10 Security Threats

2010-05-12

Alan Calder, chief executive of security and compliance organization IT Governance, reveals his list of today's top ten security threats to ZDNet UK stating "The more you know about the likely avenues of cybercrime attack, the better you can protect yourself against them". Some of the main information security threats right now that made the list include:

- Vulnerable web apps: First on the list are website attacks that exploit poorly secured web applications. Finding the open door of an insecure application is the essential first step in any website attack. Expect a sharp rise in this mode of entry by cybercriminals.

- Theft of credit-card details: Perhaps only five percent of e-commerce websites are PCI DSS-secure. The payment card industry is seeing frightening increases in the hacking of merchant security systems to obtain card data, particularly with merchants that accept cardholder information over the internet.

- Exploiting the latest technology: New technologies such as voice over internet protocol, virtualization and even the iPhone all introduce security risks, as hackers immediately start finding ways to exploit inherent vulnerabilities.

- Spam: We have seen huge increases in spam, almost to levels of denial of service. About 90 percent of all email messages are either spam or phishing attempts, according to computer security software provider Symantec.

- Complacency: You can have all the latest technology to secure your internet perimeter but if your employees are not trained in how to follow and enforce your security policies, you may not be prepared to stop an enemy walking in the front door to gain access to your data.

Calder says, "Compared with many of the investments made by organizations, data protection compliance comes at a bargain price. Any organization not addressing information security with a formal compliance regime is not only risking financial penalties; if you let your customers down, your very survival will be on the line."

Read the entire list at ZDNet UK.