Last year I published The Top Ten Cybersecurity Threats for 2008 at The CEP Blog, motivated by a plethora of "top 10 threat lists" that confuse vulnerabilities and threats. A number of fellow CISSPs and security colleagues on LinkedIn (thank you!) collaborated on the list:
- On-line masquerading to abuse, attack, blackmail, bully, extort, or molest others.
- Criminal fraud by password and identity theft via phishing, spyware, malware and theft of hardware.
- Criminal use of botnets and botnet-like technologies for economic gain, for example email spam and denial of service attacks.
- Cyberterrorism, bulling, vandalism and other forms of electronic violence and malfeasance.
- Subversion of democratic political processes.
- Criminal manipulation and subversion of financial markets.
- Spying and theft of data by governments, industry, terrorists and other criminals.
- Denial-of-service attacks by criminals and terrorists.
- Sabotage, theft and other attacks by disgruntled employees and insiders.
- Natural disasters, accidents or errors without malicious intent.
We are getting close to the halfway mark to 2009, so please feel free to comment and collaborate as we revisit and evolve our top ten threat list for next year.