Experts estimate that at any time, the potential of sites on the web
being vulnerable to attacks is about two-third.
This includes many commercial as well as government sites.
But of course potential hackers will not be interested in most
non-commercial or low-traffic sites.
Generally there are two kinds of hackers, the ones who hack for money,
such as to manipulate bank accounts or to obtain credit-card information; and
those who hack for ego or for fun, they just wanted to prove their skills or get
most cases, the latter will attempt important sites, especially government ones.
Since the internet was meant to be very open and flexible, its
inter-connectivity meant that there is more than one way to do just about
attacks may also come from within the organisation, such as disgruntled
employees, thus making it even harder to trace.
Web security may be easier said than done, as there is simply no such
thing as perfect security.
Unless the system is completely isolated and shut off, chances are there
is a hole somewhere that lets in the bug.
If we study the core components of a system: its design, tools,
procedures, environment, operators and knowledge of users, these interact in
many expected and unexpected ways, and all it takes is just one faulty
interaction among them to breach the security of the system.
To make things worse, expertise or experience in hacking is no longer a
precursor since information and tools are easily available on the web.
A good example is 2600.com, an interest group which exchanges skills and
tips on hacking, they even circulate newsletter for members!