“10 Major Security Threats 2014”

December 26, 2014

This report explains the threats surrounding information systems these days based on the expertise and insights of the 10 Major Security Threats Committee, which consists of 117 people, such as researchers and corporate IT staff, in the field of information security.

It has 3 chapters:

  • Chapter 1: Threat Category and Trend
    Chapter 1 categorizes threats by the attacker’s intent, the characteristics of the targets, and the social backgrounds that have created these threats.
  • Chapter 2: 10 Major Security Threats 2014
    Chapter 2 shows the ranking and description of the 10 major security threats observed in 2013 selected by the 10 Major Security Threats Committee.
  • Chapter 3: Emerging Threats and Concerns
    Chapter 3 discusses 3 threats that could potentially have a big impact on society and grow into more apparent threats within the coming years.

IPA hopes this report will help the public understand the current information security situation and take the necessary actions, and that it will be used in security training and education programs at companies.

Download the Report:

10 Major Security Threats 2014
~ Information Security Is Getting Increasingly Complex… What Threats Are YOU Facing? ~

Summary of the 10 Major Security Threats (Chapter 2)

Those that have been ranked in the 10 Major Security Threats observed in 2013 are listed below:

1st: Espionage Operations through Targeted Attack

Espionage operations to steal classified information through the Internet are booming. These attacks target a wide range of organizations, from government agencies to companies, and are becoming an issue of concern that threatens national interests and corporate management.

2nd: Unauthorized Login and Use of Services

In 2013, unauthorized login and the consequent unauthorized use of services or information leakage occurred frequently. One of the causes of unauthorized login is the reuse of passwords across various websites. Users should use a different password for each website.

3rd: Website Hacking

2013 witnessed an increase in website hacking. Website hacking is used as part of attack schemes to spread virus infection. Website administrators should keep in mind that the ultimate victims of website hacking are the visitors to their website, and thus take the necessary security measures to prevent it.

4th: Leakage of User Information from Web Services

During the first half of 2013, a number of membership-based web services suffered hacking attacks and a large volume of user information was stolen. If information leakage occurs at web service sites where a huge amount of personal and sensitive information, such as credit card data, is stored, the ramifications are huge. Thus, the services need to take adequate security measures.

5th: Unauthorized Online Banking Transfer

2013 saw the largest-ever number of unauthorized online banking transfer cases and the largest-ever losses, and such transfers drew public attention. The transfer involves theft of the user’s credentials through a phishing scam or virus, impersonation of the bank account holder, and a fraudulent wire transfer.

6th: Malicious Smartphone Applications

There has been a series of incidents in which smartphone applications that seem attractive but in fact contain malicious code steal information stored in a smartphone, such as address book data, without the owner’s knowledge. Secondary damage has also been confirmed, in which the stolen personal information is abused in cybercrimes such as spam operations and billing fraud.

7th: Careless SNS Posting

With the prevalence of SNS, more and more people have come to post their private information on the Internet easily. On the other hand, there were cases where imprudent employees posted work-related information to SNS and, as a result, their employers (companies and organizations) suffered serious damage.

8th: Information Leakage through Loss of Devices and Misconfiguration of Settings

Information leakage through the loss of laptop PCs or USB memory sticks continues to occur. It was and still is one of the most common security incidents. Meanwhile, due to the prevalence of smartphones and cloud computing services, the methods, media and places used to store data have become diverse. Accordingly, the risk of information leakage has increased.

9th: Fraud/Extortion with Virus Attacks

Virus attacks in which the attacker uses ransomware that holds the user’s PC hostage and demands money to free it have been increasing. If the PC is infected with ransomware, the user cannot access the data on his or her PC in some cases, which has a big impact on the user’s work and inflicts severe psychological damage on the user.

10th: Denial of Service

In 2013, data at several Korean companies and government agencies was destroyed by a virus, which rendered the systems unusable. Also, DDoS attacks that exploit open DNS resolvers to make them an attack platform have been a serious problem.


IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)