According to FBI Director Robert Mueller, cyber-crime is on track to
surpass terrorism as the most serious security threat in the United States. Businesses in particular face an increasing risk of exposing themselves to cyber-attacks. Here is a list of the top five cyber threats that threaten businesses today.
1. Web Application Security – According to the Web Hacking Incident Database, Web application exploits, specifically SQL injection, account for 27.1% of reported attacks. SQL injection attacks use vulnerabilities in a website’s code to obtain access to data in the site’s database. Such attacks are commonly used to obtain sensitive information, such as credit card numbers, addresses, Social Security numbers, and other information which can then be used or sold.
2. Social Media – Cyber criminals comb through sites such as Facebook to obtain personal information, and to instigate phishing schemes against users. Users often fail to adequately protect their information using the sometimes confusing privacy settings. Also, data stored on social media sites is vulnerable to viruses and malware used to obtain information used in identity theft.
3. Phishing – Phishing remains a serious threat. The 2011 Norton Cyber crime Report indicates that 21% of cyber crime involves online scams or phishing. Attackers use email, social media, and malicious websites to obtain information such as user ids, passwords, and other sensitive data. A common scam involves someone posing as a systems administrator or security professional, asking for login information following supposed “system maintenance,” or to reset a user’s login information for them.
4. Wireless devices – Attacks on systems using smartphones and other wireless devices are a particularly insidious threat to businesses. Smartphones and tablets are common devices with wireless networking capability, but are frequently left unsecured against viruses or malware. With the dramatic increase in smartphone and pad adoption, this is an attractive backdoor for cyber criminals, giving them easy access to an otherwise secure network.
5. Advanced persistent threats – An advanced persistent threat is a person or a group pursuing objectives such as fraud, theft, or industrial espionage. According to a report published following Georgia Tech’s 2011 Cyber Security Summit, the coordinated use of botnets (such as Stuxnet), phishing, malware, and fraud to obtain sensitive information from credit card numbers to design schematics is on the rise. What makes these threats especially dangerous is the covert nature of the threat. APTs fly under the radar, letting them continually exploit security vulnerabilities.