Cyber threats are like rust—they never sleep. Somewhere, whether here at home or in some far-flung corner of the world, people ranging from thrill-seeking hackers to state-sponsored terrorists are cooking up new, more powerful, more insidious attacks. Some—far too many—of these will be successful. A typical reaction to such frightening news is … a yawn.
OK, then, let’s look at some statistics. According to a 2007 report by Gen. James (Hoss) Cartwright, vice chairman of the Joint Chiefs of Staff, there were 37,000 reported breaches of government and private systems in FY 2007 (ending September ’07). That averages to approximately 101 successful attacks a day or around four every hour. There were nearly 13,000 direct assaults on federal agencies, and 80,000 attempted computer network attacks on Defense Department (DoD) systems. That averages to approximately 219 attempted assaults on DoD every day, or around nine every hour. According to that report, some of those assaults “reduced the U.S. military operational capabilities.”
In a top 10 list of cyber threats published by the SANS Institute, an industry leader in cyber security, the first two items were “Increasingly sophisticated Web site attacks that exploit browser vulnerabilities—especially on trusted Web sites” and “Increasing sophistication and effectiveness in bot-nets.”