Here is the final list of the top ten cybersecurity threats for 2008:

— On-line masquerading to abuse, attack, blackmail, bully, extort, or molest others.

— Criminal fraud by password and identity theft via phishing, spyware, malware and theft of hardware.

— Criminal use of botnets and botnet-like technologies for economic gain, for example email spam and denial of service attacks.

— Cyberterrorism, bulling, vandalism and other forms of electronic violence and malfeasance.

— Subversion of democratic political processes.

— Criminal manipulation and subversion of financial markets.

— Spying and theft of data by governments, industry, terrorists and other criminals.

— Denial-of-service attacks by criminals and terrorists.

— Sabotage, theft and other attacks by disgruntled employees and insiders.

— Natural disasters, accidents or errors without malicious intent.


Acknowledgements and References

A special word of appreciation for the reviews, comments and suggestions from the Certified Information Systems and Security Professionals (CISSPs) community and the LinkedIn professional network.

In particular, comments and suggestions from Gary Hinson, Bill Marlow, Eugene Schultz, Mike Smith, Lea Viljanen, and Alex Voytov were used to refine and improve the list.  Thank you.

This project was motivated by my friend and colleague in Thailand, Dr. Prinya Hom-anek.

An on-line Google spreadsheet of the comments on The Top Ten Cybersecurity Threats for 2008 – Final Draft and my resolution of the comments can be found here.


  1. I received an email. The address was my Cousins email Address.But it had no name of the sender. The address was same but the only difference was The original Emails i received from my cousin had his name in it and the fake one had only the same email address but no name of sender or any signature. How can this happen?
    What has happened in this situation?

Comments are closed.