The Top Ten Cybersecurity Threats for 2008 – Final Draft

As promised, here is the final draft of my perspective on the top ten cybersecurity security threats for 2008. 

I reviewed many prior “top ten” threat lists and noticed most of them accidentally confuse vulnerabilities and threats, listing vulnerabilities as threats.   In my review, I could not find any “top ten” threat lists which attempted to use, or follow, the security professional’s textbook definition of threats.   Even the 2008 McAfee list makes this common mistake, listing Window’s Vista and VoIP as “threats” when, technically speaking, they are vulnerable systems (McAfee’s graph in their PDF has the caption “Windows Vulnerabilities” – this speaks for itself.)

My goal was not to create “yet another vulnerability list.”  Instead, my objective was to create a top ten cybersecurity threat list which actually focuses on threats, not vulnerabilities.  Please feel free to comment, as there is certainly room for improvement.   Your comments are very welcome as we rapidly approach 2008.   Thanks!

Top Ten Cybersecurity Threats for 2008

   — Cyber masquerading to abuse, attack, blackmail, bully, extort, or molest.

   — Password and identity theft from phishing, spyware, malware and theft of hardware.

   — Criminal use of botnets and botnet-like technologies.

   — Cyberbullying, cyberterrorism and other forms of electronic violence.

   — Subversion of democratic political processes.

   — Criminal manipulation and subversion of financial markets.

   — Spying by governments, industry and criminals.

   — Denial-of-service attacks.

   — Sabotage, theft and other attacks by disgruntled employees and insiders.

   — Cyberspace vandalism.

©2007 Tim Bass - All Rights Reserved

The Top Ten Security Threats for 2008 (Part 15) – Insiders

Here is my final entry for the 2008 list of top ten cybersecurity threats:

      — Sabotage, theft and other attacks by disgruntled employees and insiders.

The Computer Security Institute and FBI conduct an annual CSI/FBI Computer Crime and Security Survey of U.S. corporations, government agencies, financial institutions, and universities. Eightly percent of the information security professionals who responded indicated that disgruntled and dishonest employees are the greatest threat to their computer systems [reference]. 

This list would not be complete without adding “the insider threat.” Next, I will consolidate and order the list, completing an earlier promise to give my opinion on the top ten cybersecurity threats for 2008.

The Top Ten Security Threats for 2008 (Part 14) – Vandalism

Here is my ninth entry on the top ten cybersecurity threats for 2008:

      — Cyberspace vandalism.

Cyberspace vandalism is the defacement or destruction of visible web sites or less visible computer systems (for example files).   Dangerous acts of vandalism are by often politically or antisocially motivated criminals who break into a web site, steal or destroy files if they can, and then leave a “calling card,” similar to urban grafitti by gangs. 

Computer and web vandalism, as a cybersecurity threat, has been around for a long time.   However, we have seen the threat increasing as radical and extremist groups expand their political and social objectives cyberspace.    The “bragging rights” element of vandalism still exists; but this is falling out of favor to criminal financial gain.    Cyber vandalism can also be used to damage the brand and reputation of organizations.