Other examples are:
1. Lack of risk assessment: The lack of an existing formal
strategic risk assessment to cover assets that are critical
to an organization increases the likelihood that
vulnerabilities will be exploited by threats. Risk
assessment is a process that identifies potential hazards
and, through a business impact analysis, analyzes what could
happen if a hazard occurs.
2. Social Engineering Attacks: Social engineering is not a
cyberattack but a major human threat to IT systems that
occurs when bad actors or unscrupulous individuals gain
the trust of their targets so that they lower their guard
and give up sensitive information that compromises IT
systems. It works by psychologically manipulating IT system
users to instill fear, excitement, or urgency. Techniques
used in social engineering attacks include phishing emails
(attacks to steal money or identity), pretexting (creating a
false scenario to obtain information), baiting (using
enticing incentives), and impersonation (pretending to be
another person). Regular user awareness training can reduce
social engineering attacks by covering practices such as
complying with password complexity, being able to identify
phishing scams, and not sharing sensitive information
through insecure channels. Social engineering is also called
human hacking.