Before moving into a discussion of the security threats that exist on the Internet, we should know who sets up these attacks in the first place, and for what objective.

In general, there are two types of intruders that pose a threat to security: external and internal.

The most commonly known intruder is a hacker or cracker (I won’t get into a discussion of the exact definition; simply assume that these terms are used in a negative way. After all, a violation is still a violation whatever its purpose). The aim of their attacks is to steal, damage, or  just to have fun! Usually they have great skills and they know what they are looking for.

However, studies have shown that 70 to 80 percent of attacks come from within an organization. Do you completely trust the person sitting next to you at the office? If yes, stop trusting them! If he gets fired next week and he wants revenge, he could use your password (that you gave him a month ago when he had a problem with his PC) to get into the company’s system and delete all the customers.

Every employee is a potential threat to the company. Ignorance can cause the same damage as if an attack is set intentionally. In general, an internal user may attack for any other number of reasons, including data theft to sell information to competitors and sabotage.  

Off course, external attacks get so much publicity that organizations spend a large portion of their security budget to avoid having a security violation. After all, their reputation is what brings money to the company; would you do business with a company that got hacked three times in the last year?