- How Seriously Should You Take Threats to Network Security?
- Identifying Types of Threats
- Assessing the Likelihood of an Attack on Your Network
- Basic Security Terminology
- Concepts and Approaches
- How Do Legal Issues Impact Network Security?
- Online Security Resources
- Test Your Skills
Assessing the Likelihood of an Attack on Your Network
How likely are these attacks? What are the real dangers facing you as an individual or your organization? What are the most likely attacks, and what are your vulnerabilities? Let’s take a look at what threats are out there and which ones are the most likely to cause you or your organization problems.
At one time, the most likely threat to individuals and large organizations was the computer virus. And it is still true that in any given month, several new virus outbreaks will be documented. New viruses are being created all the time, and old ones are still out there. However, there are other very common attacks, such as spyware. Spyware is quickly becoming an even bigger problem than viruses.
After viruses, the most common attack is unauthorized usage of computer systems. Unauthorized usage includes everything from DoS attacks to outright intrusion of your system. It also includes internal employees misusing system resources. The first edition of this book referenced a survey by the Computer Security Institute of 223 computer professionals showing over $445 million in losses due to computer security breaches. In 75% of the cases, an Internet connection was the point of attack, while 33% of the professionals cited the location as their internal systems. A rather astonishing 78% of those surveyed detected employee abuse of systems/Internet. This statistic means that in any organization, one of the chief dangers might be its own employees. In 2019 similar threats still exist, with only slight changes in the percentages.
The 2014 Data Breach Investigation Report from Verizon surveyed 63,437 security incidents with 1367 confirmed breaches in 95 countries. This survey showed significant employee abuse of the network as well as many of the familiar attacks we have already discussed in this chapter. The 2015 Data Breach Investigation Report did not show significant improvement. In 2019, the situation was not improved. In fact, as mentioned earlier in the chapter, it is expected that cybercrime will cost more than $1 trillion per year.