Increased access to systems created by widespread connectivity of computers poses significant risks to computer systems, and more importantly, to the critical operations and infrastructures they support. The speed and accessibility that create the enormous benefits of the computer age likewise, if not properly controlled, allow individuals and organizations inexpensively eavesdrop on and interfere with these operations from remote locations for mischievous or malicious purposes, including fraud and sabotage.
Fact is: Cyber threats are increasing, and infrastructures are vulnerable.
There is an increased use of cyber intrusions by criminal groups who attack systems for purposes of monetary gain.
Foreign intelligence services
Foreign intelligence services use cyber tools as part of their information gathering and espionage activities.
Hackers sometimes crack into networks for the thrill of the challenge or for bragging rights in the hacker community. While remote cracking once required a fair amount of skill and computer knowledge, hackers can now download scripts and protocols from the Internet and launch them against victim sites. Thus, while attacks tools have become more sophisticated, they have also become easier to use.
Hacktivism refers to politically motivated attacks on publicly available Web pages or e-mail servers. These groups or individuals overload e-mail servers and hack into Web sites to send political messages.
Worldwide, several nations are working aggressively to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power.
The disgruntled employee is a principal source of computer crimes. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a victim system often allows them to gain unrestricted access to cause damage to the system or steal the system data. The insider threat also includes the problematic of outsourcing vendors.
Virus writers are posing an increasingly serious threat. Destructive computer viruses and worms harm files and hard drives.
Government officials are increasingly concerned about attacks from individuals and groups with malicious intend, such as crime, terrorism, foreign intelligence gathering, and acts of war.
Not only is cyber protection of critical infrastructures important in itself, but a physical attack in conjunction with a cyber attack has been highlighted as a major concern.
The prime objective of security studies is to reduce the effects of security threats and vulnerabilities to a level that is tolerable by an organization. This entails determining the impact a threat may have on an organization, and the likelihood that the threat could occur. The process that analyzes the threat scenario and produces a representative value of the estimated potential loss is called Risk Analysis.