Speed, efficiency and productivity drive business. These drivers, however, cannot be imagined without information and communications technologies. And these technologies in turn ride on a maze of networks that have become all pervasive and hence indispensable to our daily social and economic existence. That’s one part of the story. The other part of the story is the fact that as businesses become more and more dependent on networks, they become more and more vulnerable to threats and attacks from hitherto unimagined sources.

Now just consider these findings of the recently released Symantec Internet Security Threat Report that surveyed more than 400 companies in 30 countries:

• On an average, companies experienced 30 attacks per company per week during the last six months of 2002.

• Approximately 85 percent of this activity was classified as pre-attack reconnaissance, and the remaining 15 per cent were various forms of attempted (or successful) exploitation.

• Despite the decline in the attack volume over the prior six-month period, average attacks per company during the past six months remained 20 per cent higher than the rate recorded during the same six-month period in 2001.

The same report also had another set of warning for networked companies:

• In addition to exceeding external attacks in overall volume, the customer self-assessments of damage were particularly high for internal cases of abuse and misuse.

• High self-reported damage estimates, coupled with relative simplicity with which the perpetrators acted, should be considered a warning sign that protecting against the internal threat is extremely important.