The growth and development of the internet have created new risks, which are external to the organization and are not included in the conventional internal protection and information security systems of the organization. The uniqueness of these risks is in the exploiting of sensitivities and the performance of malicious activities and attacks of systems that are not within the control of the organization. They include cases of violation of intellectual property rights, exploiting of brand names, impersonations, identity theft, imitations, slander, misleading of customers, fraud, etc.
The Motives and Motivation of The Attacker
One of the major income sources on the internet is creating volumes of users to such sites that pay for each entry in the Pay-Per-click method, as well as other similar methods. As a result various parties are motivated to use illegitimate or controversial activities in order to attract traffic of users. One of the main means for these activities, are domain names that usually match brand names, upon which attacks are implemented.
Furthermore, the internet provides many opportunities and means to all those who wish to harm and incur damage to companies or organizations – such as hackers, former employees, disgruntled employees, competitors, cyber-squatters and lately also terrorist organizations. All of the above are motivated by a desire to damage the organization, gain economical profit or accomplish other ideological goals. The outcome shows that in all cases, there is direct economic and brand equity damage to the company.