
Security risks: What you really need to know

By Pluralsight    |    September 05, 2017

Anyone in security knows that it’s all too easy to feel ready for whatever comes our way. After all, we’ve spent countless hours studying the field--we know what to look out for, we’ve put out many fires before, and we’re prepared for the next big threat. But the reality is that the target we’re aiming for isn’t stationary, and whatever we nail down as the top threat today is often swept away by a new one within just a matter of days--sometimes even hours. So, can we really define the top risks in today’s world? Maybe. But in order to do so, we have to first recognize the most dangerous risks. 

Common security risks

As of this writing, conducting a simple search for “top security risks list” pulls up a whopping 167,543 responses. If you’re a manager or business owner looking to find the magic bullet to protect your infrastructure, you may feel like you need to read up on all of these to make sure you’re covered. But there are a couple of things to consider first. Before you dive into all of that additional research, take a moment to recognize that you may not be able to define the one thing that you need to be most concerned about. Not only is trying to do so an exercise in futility, but I guarantee if you focus on that one thing, you’ll miss numerous other risks in the process. On top of that, you may need to change your focus; sometimes the danger isn’t necessarily out there--instead, it may be closer than you think.

Mobile computing risks 

At the moment, mobile computing tops the list of most-likely risks, and with good reason. In the good old days of computing, most--if not all--of our resources were static and in-house. Whether it was the big mainframe and terminals, or the multitude of servers and various flavors of desktops in our environment, everything was local. We could push out security patches with the press of a button and, assuming we used good security practice (and took care of the second biggest risk in security by providing a solid, reliable inventory mechanism), we could even see what was on them and control our baselines.

But now computing is more than mobile. It’s almost omnipresent. Smartphones, tablets, and laptops, to name just a few, all provide our workforce with the freedom to take care of business needs anywhere, anytime. However, controlling those devices is almost impossible on such a large scale (often, even on a small scale). And when you also consider the Internet of Things (IoT), where our appliances of all types now hold IP addresses and process data, the task can seem downright overwhelming. It really is the classic security vs. usability concept in macro.

Other factors that show up on nearly every list include ransomware (which is often tied to phishing and social engineering), doxing, and for-profit hacking. Given the prevalence of ransomware, chances are high that you know someone in your immediate family who’s already been a victim. But don’t start thinking this is just a problem for individuals sitting at home, opening email links or clicking links on sites they shouldn’t be visiting in the first place. Ransomware is social engineering at heart, and if your internal users have access to the external world, you’re at risk.

Doxing

For those unfamiliar, doxing is the art of searching for and then publishing private (or other) information, sometimes for the purpose of public shaming and associated extortion. To put it simply, doxing is typically intended to bring someone down. And it’s another issue that folks seem to think is reserved only for individuals and famous folks. But you’d be remiss to ignore this. You’d be surprised what information about your business, and the people that work in it, is available for a dedicated doxer. And if you don’t think public opinion can be shifted by the publication of information you meant to keep secret, then you need to start paying attention.

Hacking has always had some sort of profit mentality assigned to it, even if that profit was notoriety and fame. Modern hacking is far more sophisticated than you might think. Organized criminal hacking groups can aim their focus at anyone or any business, and they often use this for monetary profit. We’re not just talking about groups of teenagers huddled in basements looking for extra time on gaming consoles. These are highly skilled, often state-sponsored groups that are dedicated to the task and take their responsibilities very seriously.

Takeaway

We could spend the whole day talking about all of the potential risks, big and small, that you should be aware of. But when it comes down to the biggest security threat, where should you truly turn your attention? Find out with our guide: Big security threats your organization needs to take seriously now.

About the author

Pluralsight is the technology skills platform. We enable individuals and teams to grow their skills, accelerate their careers and create the future.