Threat Hierarchy

I used to do a lot of breakfast seminars. Well, I still do a lot of breakfast seminars.

I used to do a lot of breakfast seminars. Well, I still do a lot of breakfast seminars. But I used to have a slide that depicted the threat hierarchy. It was a list from low threat to high threat. I did not create it. I am sure credit lies here. It went like this:

-Experimentation -Defacement -Hacktivism -Cybercrime -Information Warfare.

Experimentation is still a relevant threat. If your organization likes to expose everything over the intranet you may have problems with users that notice for instance that their employee ID number is used in the URL window of the browser. Change that number and they can see their co-worker’s 401K plan!

Defacement used to be a real headline grabber. Remember the day the NY Times website got defaced? Now defacement is embarrassing but no one really cares. Unless you are a security company; then it can be pretty bad.

Hacktivism was the idea that hackers would deface websites and attack online resources to further their ideological cause. This still goes on in the Mideast and between Pakistan and India.

Then I got to cybercrime. I used to say: “There is no Lex Luther of the Internet