Cyber-attacks tend to take the path of least resistance. So what are some of those paths? What vulnerabilities do hackers look for first? 

According to a survey conducted at the Def Con 18 hackers’ convention, poorly configured networks tops hackers’ lists. They like to exploit inadequate security audits and IT staffers who don’t know what to look for when they’re monitoring and testing networks.

Hackers also prefer threats that change too fast to be properly addressed. And they look for insiders who can be persuaded — or forced — to aid their attack.

In addition to application vulnerabilities, especially web app vulnerabilities, that continue to be exploited by SQL injection, cross-site scripting, etc., and the infrequent patching that leaves hardware open to attacks which can remain undiscovered for months, just about every organization faces other security worries in 2012, notably:

• Expanding interconnectivity between organizations and increasing mobility of employees 
• Targeted zero-day attacks, which are now focusing on smaller businesses with weaker defenses
• Advanced persistent threats, a special class of malware posing major new detection challenges
• The weakest link in your security chain — your end-users
• Managing (and securing) the use of social media
• Unsecured virtual machine deployment
• Sensitive data in the cloud

OK, this sounds scary. And it’s true that there’s no such thing as absolute, guaranteed security. But you can do plenty to protect your business and its information assets. Check back here in a few days to find out more …