Organizations are finding it difficult to prioritize defense strategies against cyberattacks because most of them do not have an Internet-wide view of the attacks, according to a report from SANS Institute, the security training organization.

As a result, two security risks--Web applications and phishing--carry the greatest potential for damage, even though users instead tend to concentrate on less-critical risks.

The report, published by security training organization SANS Institute, amalg...