Step three of building cybersecurity: Threats vs Attacks

Part 5 of Cybera’s Introduction to Cybersecurity series

In our previous post, we defined “attacks” and “threats”, and provided a comprehensive list of the different threats modern organizations typically face.

In this post, we’ll focus on attacks.

What is an attack?

While threats are not always intentional (e.g. natural disasters), an attack is an intentional, unauthorized action on a system. Attacks can be grouped into two categories: 

  • Active Attacks: an attempt to change system resources or influence their operation.
  • Passive Attacks: an attempt to understand or retrieve sensitive data from a system without influencing the system resources.

Difference between threats and attacks

IntentionalityCan be intentional — like human negligence — or unintentional — like natural disasters.A deliberate, malicious action. The attacker generally has a motive and a plan.
InitiationCan be initiated by the system or by an outsider.Always started by an outsider (system or user).
DefinitionA threat is a condition/circumstance that can cause damage to the system/asset.An attack is an intended action that causes damage to a system/asset.
Chance of damageThe chance of damage or information alteration varies from low to very high.The chance of damage or information alternation is very high.
DetectionDifficult to detect.Comparatively easy to detect.
PreventionPrevented by controlling vulnerabilities.Prevented by controlling vulnerabilities *and* other measures, such as backup, detection, etc.


Knowing your terminology when discussing cyberesecurity at an operational level is very important. A threat is a possible security risk that might exploit the vulnerability of a system or asset. An attack, on the other hand, is the actual act of exploiting an information security system’s weaknesses. You would not want to make the mistake of saying your organization is facing a threat when it is actively being attacked!

There are a variety of ways to prevent both threats and attacks. At the very least, all IT systems should include soft and physical firewalls, up-to-date antiviruses and antimalware, and other methods of protection and administration.

What’s next?

Now that we have talked about the attacks and threats that an organization should be on the lookout for, we will go over how to identify your risks.  

Previous posts in Cybera’s Introduction to Cybersecurity series

Engage with us in cybersecurity discussions

Are there particular cybersecurity topics you’d like to chat with us about, or have us organize a community discussion about? Let us know via