That might seem counter-intuitive. And that's exactly the point... we are programmed through evolution to focus on the sensational risks.
We've been hearing plenty about cyber-war and state-sponsored attacks. These are big and scary things. It seems that the power grid is a key target. Well, it turns out that cyber attack is not the top issue that effects the power grid. Not even close. And what's a more serious and regular threat??? Squirrels! No, that's not a joke.
Here's a great presentation at this year's ShmooCon, an annual security conference:
But here's the point of all this... while it's fun to laugh at, or dislike, squirrels, there's an important lesson here. We do need to speculate and consider the future when conducting risk assessments. But we also need to have strong focus on reality! That means assuring you are considering mundane, but very real threats and vulnerabilities that are actually happening. It's far to easy for us to focus on high impact, very low likelihood events to the exclusion of those high-probability, common attacks like phishing.
So skip the sharks and watch out for the squirrels!