Thinking about your own organization, please rate the following potential security threats on the degree of concern you have for each.
- Trusted third parties
- Hacktivists
- Hackers
- Internal employees
- Contractors
- Mobile devices
- Cloud-based services
- Malware
- State sponsored acts
- Cyber terrorism
- Organized crime
- Application vulnerabilities
Mobile devices are a threat? Cloud-based services are a threat? Really? I think of those two things as technologies. Neutral technologies. Now these technologies may be full of vulnerabilities. And there is a probability that these vulnerabilities may be exploited by threats... which will have impacts.
Heck I'd even say malware isn't a threat. Attackers using malware is.
And this from a survey targeting ccertified professionals who are supposedly tested in the basics of the risk equation. But maybe different folks have a different way of thinking about threats? Am I taking crazy pills?
So the question I put to all of you - What is a threat?