Top 10 Threats to Information Security

Modern technology and society’s constant connection to the Internet allows more creativity in business than ever before – including the black market. Cybercriminals are carefully discovering new ways to tap the most sensitive networks in the world. Protecting business data is a growing challenge but awareness is the first step. Here are the top 10 threats to information security today:

Technology with Weak Security – New technology is being released every day. More times than not, new gadgets have some form of Internet access but no plan for security. This presents a very serious risk – each unsecured connection means vulnerability. The rapid development of technology is a testament to innovators, however security lags severely1.

Social Media Attacks – Cybercriminals are leveraging social media as a medium to distribute a complex geographical attack called “water holing”. The attackers identify and infect a cluster of websites they believe members of the targeted organization will visit2.

Mobile Malware – Security experts have seen risk in mobile device security since the early stages of their connectivity to the Internet. The minimal mobile foul play among the long list of recent attacks has users far less concerned than they should be. Considering our culture’s unbreakable reliance on cell phones and how little cybercriminals have targeted them, it creates a catastrophic threat.

Third-party Entry – Cybercriminals prefer the path of least resistance. Target is the poster child of a major network attack through third-party entry points. The global retailer’s HVAC vendor was the unfortunate contractor whose credentials were stolen and used to steal financial data sets for 70 million customers3.

Neglecting Proper Configuration – Big data tools come with the ability to be customized to fit an organization’s needs. Companies continue to neglect the importance of properly configuring security settings. The New York Times recently fell victim to a data breach as a result of enabling only one of the several critical functionalities needed to fully protect the organization’s information4.

Outdated Security Software – Updating security software is a basic technology management practice and a mandatory step to protecting big data. Software is developed to defend against known threats. That means any new malicious code that hits an outdated version of security software will go undetected.

Social Engineering – Cybercriminals know intrusion techniques have a shelf life. They have turned to reliable non-technical methods like social engineering, which rely on social interaction and psychological manipulation to gain access to confidential data. This form of intrusion is unpredictable and effective.

Lack of Encryption – Protecting sensitive business data in transit and at rest is a measure few industries have yet to embrace, despite its effectiveness. The health care industry handles extremely sensitive data and understands the gravity of losing it – which is why HIPAA compliance requires every computer to be encrypted.

Corporate Data on Personal Devices – Whether an organization distributes corporate phones or not, confidential data is still being accessed on personal devices. Mobile management tools exist to limit functionality but securing the loopholes has not made it to the priority list for many organizations.

Inadequate Security Technology – Investing in software that monitors the security of a network has become a growing trend in the enterprise space after 2014’s painful rip of data breaches. The software is designed to send alerts when intrusion attempts occur, however the alerts are only valuable if someone is available to address them. Companies are relying too heavily on technology to fully protect against attack when it is meant to be a managed tool.

To learn more about Georgetown University’s online Master’s in Technology Management program, request more information or contact an admissions representative at (202) 687-8888.


1Ten Napel, Novealthy, Mano. "Wearables and Quantified Self Demand Security-First Design." Conde Nast Digital, 2015. Web. 12 Sept. 2015.
2Sterling, Bruce. "Spear-phishing and Water-holing." Conde Nast Digital, 10 Oct. 2012. Web. 12 Sept. 2015.
3Krebs, Brian. "The Target Breach, By the Numbers." Krebs on Security RSS. Krebs on Security, 14 May 2014. Web. 12 Sept. 2015.
4"Cybersecurity Lessons from the New York Times Security Breach." GovDefenders. DLT Solutions, 2013. Web. 12 Sept. 2015.