Last year was a bad one for information-security professionals. This year is likely to be even worse.
Hackers, viruses, and worms provided a constant threat in 2003. The year started off badly in January when the Slammer worm in about three hours infected hundreds of thousands of systems running Microsoft SQL Server. The trouble continued in the spring when the Bugbear virus hit hundreds of thousands of systems worldwide. More problems arose later in the year when in the same week a blackout struck the Northeastern United States and the Blaster worm attacked hundreds of thousands of systems. And those were just the highlights. There were tens of thousands of threats that affected individual businesses in various ways, depending on what systems and applications they had deployed and what kinds of security systems and practices they had in place. Nobody was immune.
The numbers tell the story of a serious and growing threat. In 2000, the CERT Coordination Center, a government-funded security group, recorded 21,756 security-related incidents. In 2002, it reached 82,094 incidents. In the first three quarters of 2003, the number of incidents totaled 114,855.
Four out of five businesses were hit by a virus or worm in 2003, according to a survey of 404 security decision makers by the Yankee Group. Denial-of-service attacks were the second-most-common security incident, hitting about 40% of those surveyed.