How to defend against this? There's no perfect protection from these kinds of attacks, but there are things that can be done to reduce vulnerability. This consists of more education of users (to make them aware of what kind of dangers they face), and hardware and software defenses against attacks. Another approach favored by military, and government, users is frequent scans of user computers, and strict rules about what you can put on them. What all of this tries to do is limit the damage, not eliminate it. This reflects an ancient military adage; "it's not a matter of who is better, but who is worse (off)." While American organizations are more enthusiastic users of the Internet than anyone else, any country that tries to compete with the United States, has some Internet vulnerability. If they are less well protected than U.S. systems, they are going to suffer more if they are attacked.
Government and military security officials are getting more concerned about their vulnerability to attack via the Internet. The rising fear comes from the realization that it's impossible to keep their computer networks completely free of thieves and vandals. This was demonstrated by a recent test conducted on 10,000 state government employees. They were sent a "phishing" type email, that said it wanted to check the validity of users passwords. The victims were directed to a website that requested the user enter their user ID and password, which could then be captured and used by the bad guys. This test found that some 17 percent of those approached, fell for it. After telling those victims what they had done, and hitting them with a similar scam later on, nearly half of them fell for it again. Attacks like this not only grab passwords, and access to the users system, but can also be used to install programs that will monitor system use, grab useful information, or bring the system down on command. All these are militarily useful functions, and military and government organizations can be hurt pretty bad by such attacks.