Understanding the difference between risk, threat, and vulnerability

• Vulnerabilities refer to weaknesses in a system or program that can be exploited by threats to gain unauthorized access to an asset.
• Cyber threats refer to cybersecurity circumstances or events that can result in harm to the target organization.

Terms like threats, vulnerabilities, and risks are often confused with each other when it comes to cybersecurity and cyber attacks.

The post aims to define each term while highlighting the difference between them.

Vulnerabilities

• Vulnerabilities refer to weaknesses in a system or program that can be exploited by threats to gain unauthorized access to an asset.
• They make threat outcomes possible and potentially even more dangerous.
• Examples of common vulnerabilities are SQL Injection, Cross-Site Scripting, server misconfiguration, sensitive data transmit in plain text and more.

Cyber threats

• Cyber threats refer to cybersecurity circumstances or events that can result in harm to the target organization.
• For example, threat actors can exploit a vulnerability, intentionally, or accidentally and obtain, damage or destroy an asset.
• Threats include organized crime, spyware, malware, adware, and disgruntled internal employees who start attacking the employers of the target organization.
• Common threats are social engineering or phishing attack that leads to an attacker installing a trojan or stealing information from your applications or overloading the ISP of a data center with unwanted traffic.

Risks

• Risk is a metric used to understand the loss (both in terms of finance and physical) caused due to loss, damage or destruction of an asset.
• Usually, it is translated as Risk = threat probability * potential loss/impact.

To get a clear understanding, let’s take the example of a scenario involving SQL injection vulnerability:

• SQL Injection is a vulnerability that can be exploited to steal sensitive data theft.
• Financially motivated attackers are one of the threat actors that usually leverage the vulnerability.
• The impact of sensitive data getting stolen will bear a significant financial cost to the business. It will also hamper the reputation of the business.
• The probability of such an attack is high, given that SQL injection is an easy-access, widely exploited vulnerability and the site is externally facing.
• Therefore the SQL injection vulnerability in this scenario is treated as a high-risk vulnerability.