So, when SANS comes out with a document - The Top Cyber Security Risks then it is time to sit up and take notice.
And especially when their findings pretty much agree with what the rest of the industry is saying.
The interesting thing is that there are really only two major risks highlighted and one observation.
The observation is that Companies are being good with patching Operating System level vulnerabilities. I guess this is well-done to Microsoft and the other OS creators. However, if you are not fully patched on an OS level then you are the low hanging fruit. And you will be in trouble.
"Hackers" are moving to hacking applications these days - both pre-packaged ones which you will be more likely to find on the desktop and custom built ones which will more likely be hosted on a website.
So, companies now need to look at patching applications quicker.
They must also have a good solid web application plan in place and stick to it before exposing themselves online.