Large-scale commercial, industrial and financial operations are becoming ev
er more interdependent, and ever more dependent on IT. At the same time, th
e rapidly growing interconnectivity of IT systems, and the convergence of t
heir technology towards industry-standard hardware and software components
and sub-systems, renders these IT systems increasingly vulnerable to malici
ous attack. This paper is aimed particularly at readers concerned with majo
r systems employed in medium to large commercial or industrial enterprises.
It examines the nature and significance of the various potential attacks,
and surveys the defence options available, It concludes that IT owners need
to think of the threat in more global terms, and to give a new focus and p
riority to their defence. Prompt action can ensure a major improvement in I
T resilience at a modest marginal cost, both in terms of finance and in ter
ms of normal IT operation.