Now that we have examined the three broad classes of attack. It is an appropriate time to ask? What are the most likely attacks and what are your vulnerabilities? This section covers the basics of what threats are possible and which are most likely to cause you or your organization. The most likely threat to individuals and large organization is the computer virus. In the first nine days of September 2003, the F-Secure security information Website listed 20 new viruses. This is a fairly common monthly statistic. In a month, new virus will be generated & old viruses are still there. All the major anti – viruses software vendors have released protection for the SoBig virus; today alone I receive several e-mails which that virus as an attachment. Therefore, even when a virus is known and there is protection against it, it can continue to thrive because many people do not update their protection or clean their system regularly.
The
most common attacks are unauthorized usage of computer system. Unauthorized usage
includes everything from Denial of Service attacks to outright intrusion of
system. It also includes internal employees misusing system resource. A recent
survey by the Computer Security Institute of 223 computer professionals showed
over 445 million in losses due to computer security breaches. In 75% of cases,
an internet connection was the point the attacks, while 33% of professionals
cited the location as their internal systems. A rather astonishing 78% of those
surveyed detected employee abuse of systems / internet (Computer Security
Institute). This statistic means that, in any organization, one of the chief
dangers might be its own employees.
In
addition to the negative effects of employees misusing system resources, you
need to also consider the possibility of an outright attack by an employee. An “insider”
attacks can cause considerably more damage than your typical internet-based attacks
because the employee haws more familiarity with the organization as a whole.