Of course, corporate folks are concerned with security. It's our guess that a good deal of that concern is manifest as unfocused anxiety, not specific worry about specific threats.
Underlying that tension likely is a feeling that the threats are changing. The bad guys' focus has shifted away from overt network invasions because the security industry has done a better job of barricading the perimeter.
That certainly doesn't mean that the dark side has closed up shop and gone home. Far from it. Dark Reading, in conjunction with its first anniversary, has released a top five list of current vulnerabilities. This is what IT managers and the folks who pay them should be worrying about. The takeaway is that things are growing more dangerous simply because the ways in which attacks are orchestrated are growing more diverse.
The list seems pretty solid: The top problem is portable storage. MP3 players and the like can bring viruses and other bad things into an organization just as easily as they can take valuable data out. Second on the list is Web applications, which many experts call scandalously insecure. The third spot is occupied by inside attacks, a long-term problem that seems to be peaking. Number four is insecure endpoints, which is more or less a nice way of saying lazy or ignorant folks roaming around with inadequately protected mobile devices. Rounding out the top five is botnets, the armies of hijacked PCs that mount attacks or release blizzards of spam at the behest of organized crime.
The only problem with the list is that it wasn't posted on Halloween. It's interesting that at least four of the problems -- insider threats are the exception -- weren't big problems until relatively recently. Insecure endpoints and portable storage vulnerabilities are related to the explosion of mobility. Web application security troubles are a unique category, because they seem to simply be a re-purposing of hacker initiatives that formerly attacked through the network.
It also seems that, in general, crackers and other malcontents are becoming more sophisticated. They've had to because of the great success at perimeter security. For instance, the authors of the giant heist of data from TJX -- which involved as many as 45 million credit and debit cards -- were able to wiggle around in the system undetected for 17 or 18 months. This suggests that executives' anxiety, as unfocused as it may be, clearly is justified.