The threat is a possible security condition/violation to exploit the vulnerability of a system/asset. A threat can arise from any condition for example, accident, fire incident, environmental like natural disaster, human negligence. The following are various types of threats.
The attack is an intended unauthorized action on a system/asset. An attack always has a motivation to misuse system and generally wait for an opportunity to occur.
The following are some of the important differences between Threat and Attack.
|1||Intentional||Threats can be intentional like human negligence/failure or unintentional like natural disaster.||The attack is a deliberate action. An attacker have a motive and plan the attack accordingly.|
|2||Malicious||The threat may or may not malicious.||The attack is always malicious.|
|3||Definition||The threat by definition is a condition/circumstance which can cause damage to the system/asset.||Attack by definition, is an intended action to cause damage to system/asset.|
|4||Chance for Damage||Chance to damage or information alteration varies from low to very high.||The chance to damage or information alternation is very high.|
|5||Detection||A threat is difficult to detect.||An attack is comparatively easy to detect.|
|6||Prevention||A threat can be prevented by controlling the vulnerabilities.||An attack cannot be prevented by merely controlling the vulnerabilities. Other measures like backup, detect and act etc are required to handle a cyber-attack.|