Vulnerabilities, Threats, and Attacks
Vulnerabilities, threats, and attacks are three components that create the environment for a
cyber-attack.
Vulnerabilities
Vulnerabilities are unintentional weaknesses in an application, hardware component, or
network design that can be exploited to gain entry to a computer system or network.
Attackers generally target known vulnerabilities when looking for targets.
Threats
Threats are broken down into two categories based on the intent of the attacker:
■ Structured threats—Threats that are preplanned and focus on a specific target. A
structured threat is an organized effort to breach a specific network or organization.
■ Unstructured threats—Threats that are random and usually the result of an attacker
identifying the vulnerability by scanning the network looking for “targets of
opportunity.” This type of threat is by far the most common threat because it can be
performed using automated tools (scripts) that are readily available on the Internet and
can be performed by someone with very limited computer skills.