Top 10 Threats to Information Security

Cybersecurity lock

Modern technology and society’s constant connection to the internet allows more creativity in business than ever before – including the black market. Cybercriminals are carefully discovering new ways to tap the most sensitive networks in the world. Protecting business data is a growing challenge, but awareness is the first step. Here are the top 10 threats to information security today:

1. Technology with Weak Security

New technology is being released every day. More times than not, new gadgets have internet access but no plan for security. This presents a severe risk—each unsecured connection means vulnerability. The rapid development of technology is a testament to innovators, however, security lags severely.

2. Social Media Attacks

Cybercriminals constantly find new ways to take advantage of social media users and their private information. One malicious way they do this is by using emojis and emoticons to engineer users into letting their guard down.1

3. Mobile Malware

Security experts have seen risks in mobile device security since the early stages of their connectivity to the internet. The minimal mobile foul play among the long list of recent attacks has users far less concerned than they should be. Considering our culture’s unbreakable reliance on cell phones and how little cybercriminals have targeted them, it creates a catastrophic threat.

4. Third-party Entry

Cybercriminals prefer the path of least resistance. The Microsoft Exchange Server was victim to a massive cyberattack in March 2021. The attack disrupted nine government agencies and 60,000 private companies.2

5. Neglecting Proper Configuration

Big data tools come with the ability to be customized to fit an organization’s needs. Companies continue to neglect the importance of adequately configuring security settings. Fifth Third Bank fell victim to one of the most significant data breaches of 2020 due to a former employee retaining access.3

6. Outdated Security Software

Updating security software is a basic technology management practice and a mandatory step to protecting big data. Software is developed to defend against known threats. That means any new malicious code that hits an outdated version of security software will go undetected.

7. Social Engineering

Cybercriminals know intrusion techniques have a shelf life. They have turned to reliable non-technical methods like social engineering, which rely on social interaction and psychological manipulation to gain access to confidential data. This form of intrusion is unpredictable and effective.

8. Lack of Encryption

Protecting sensitive business data in transit and at rest is a measure few industries have yet to embrace, despite its effectiveness. The healthcare industry handles extremely sensitive data and understands the gravity of losing it – which is why HIPAA compliance requires every computer to be encrypted.

9. Corporate Data on Personal Devices

Whether an organization distributes corporate phones or not, confidential data is still being accessed on personal devices. Mobile management tools limit functionality, but securing the loopholes has not made it to the priority list for many organizations.

10. Inadequate Security Technology

Investing in software that monitors the security of a network has become a growing trend in the enterprise space after 2014’s painful rip of data breaches. The software is designed to send alerts when intrusion attempts occur, however, the alerts are only valuable if someone is available to address them. Companies rely too heavily on technology to fully protect against attack when it is meant to be a managed tool.

To learn more about Georgetown University’s online Master’s in Information Technology Management program, request more information or contact an admissions representative at (855) 725-7622.


  1. IT Professional, 21(2), 41–49.
  2. "15 Biggest Cybersecurity Attacks in 2021," Privacy Affairs. Retrieved on March 9, 2022, from 15 Biggest Cybersecurity Attacks in 2021 - Privacy Affairs.
  3. "2020 Data Breaches," Identity Force. Retrieved on March 9, 2022, from 2020 Data Breaches: Most Significant of the Year | IdentityForce®.

Learn more