SANS: Phishing Exploits Are The Top Threat

The SANS Institute recently released the results of a new survey, which found that cybersecurity professionals ranked phishing as the number one exploit this year. Many respondents saw phishing awareness training programs as the best defense against phishing, spearphishing and whaling exploits. New this year was the reporting of so-called “malware-less” exploits that use “the built-in features of the operating system to turn it against itself without downloading recognizable files.” Cybersecurity pros ranked the threats as follows, by percentage of respondents:

  • Phishing – 72%
  • Spyware – 50%
  • Ransomware – 49%
  • Trojan horse exploits – 47%
  • DDoS (Distributed Denial of Service) – 38%
  • Malware-less attacks – 32%
  • APT (Advanced Persistent Threats) – 25%

This study also ranked the top threat vectors as:

  • Email attachment or link – 74%
  • Infected website and drive-by downloads – 48%
  • Application vulnerabilities on user computers – 30%
  • Web application vulnerabilities – 27%

If you are responsible for the security of a business network, you may want to click through to the full report. A video is also available.

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
