Part 5 of Cybera’s Introduction to Cybersecurity series
In our previous post, we defined “attacks” and “threats”, and provided a comprehensive list of the different threats modern organizations typically face.
In this post, we’ll focus on attacks.
What is an attack?
While threats are not always intentional (e.g. natural disasters), an attack is an intentional, unauthorized action on a system. Attacks can be grouped into two categories:
- Active Attacks: an attempt to change system resources or influence their operation.
- Passive Attacks: an attempt to understand or retrieve sensitive data from a system without influencing the system resources.
Difference between threats and attacks
| Threat | Attack | |
|---|---|---|
| Intentionality | Can be intentional — like human negligence — or unintentional — like natural disasters. | A deliberate, malicious action. The attacker generally has a motive and a plan. |
| Initiation | Can be initiated by the system or by an outsider. | Always started by an outsider (system or user). |
| Definition | A threat is a condition/circumstance that can cause damage to the system/asset. | An attack is an intended action that causes damage to a system/asset. |
| Chance of damage | The chance of damage or information alteration varies from low to very high. | The chance of damage or information alternation is very high. |
| Detection | Difficult to detect. | Comparatively easy to detect. |
| Prevention | Prevented by controlling vulnerabilities. | Prevented by controlling vulnerabilities *and* other measures, such as backup, detection, etc. |
Conclusion
Knowing your terminology when discussing cyberesecurity at an operational level is very important. A threat is a possible security risk that might exploit the vulnerability of a system or asset. An attack, on the other hand, is the actual act of exploiting an information security system’s weaknesses. You would not want to make the mistake of saying your organization is facing a threat when it is actively being attacked!
There are a variety of ways to prevent both threats and attacks. At the very least, all IT systems should include soft and physical firewalls, up-to-date antiviruses and antimalware, and other methods of protection and administration.
What’s next?
Now that we have talked about the attacks and threats that an organization should be on the lookout for, we will go over how to identify your risks.
Previous posts in Cybera’s Introduction to Cybersecurity series
- Introduction
- What is cybersecurity?
- Step one of building cybersecurity: What do you know?
- Step two of building cybersecurity: What threats do you face?
Engage with us in cybersecurity discussions
Are there particular cybersecurity topics you’d like to chat with us about, or have us organize a community discussion about? Let us know via security@cybera.ca.