4 Essential Security Terms: Assets and Vulnerabilities vs Threats vs Risks

0 Comment

Assets and Vulnerabilities vs Threats vs Risks
Although rarely understood by those outside the field of security, the nuances between these terms are critical. Especially if you even intend to protect your company’s assets.


Simply put, assets are what your company is trying to protect.

Assets are what your company is trying to protect.Click To Tweet

Assets are your company’s property, people, and information.

More on assets >>


Your company property consists of both tangible and intangible items. These are generally assigned a value. Anything such as devices, vehicles, and even land can be company assets.

Intangible assets include reputation and proprietary information.


People may include employees and customers along with other invited persons such as contractors or guests.
Any employees you took care to hire and train are assets, but especially those with hard-to-come-by skills and expertise.


Company information may include:
  • databases,
  • software code,
  • critical company records,

and many other intangible items.

Vulnerabilities vs Threats vs Risks


Vulnerabilities are weaknesses or gaps in the company’s security systems that can be exploited by a threat.

Vulnerabilities are weaknesses or gaps in your protection efforts.Click To Tweet

Vulnerabilities can be found in your software, hardware, or even employee training.

Employee training

Training employees in effective security can go a long way in keeping your company safe. These ongoing trainings can include the dangers of:

  • installing unapproved programs on the computer. Even programs as simple as desktop backgrounds (potential malware)
  • holding the door open for people without their company ID. Piggybacking is a technique used by hackers to gain access to physical security.
  • visiting dangerous websites on the company computer,
  • or leaving the device logged in when you’re away from your desk

And so many more potential dangers. Treating your employees as helpful people will help them be proactive in preventing a cyberattack.


Hardware vulnerabilities can be found in:

  • subpar or outdated routers
  • single locks on doors instead of deadbolts
  • devices that can easily be picked up and stolen. This would be theft but also a cyberattack if they use the device to access company information.


Vulnerabilities when it comes to software might come in the form of:

  • bootlegged software with a backdoor into your system
  • programs behind on their software updates or operating systems lacking in OS updates
  • unsecured WiFi routers


Threats are anything that can exploit a vulnerability. This can be done intentionally or accidentally, and is meant to obtain, damage, or destroy an asset.

A threat is what you will be trying to protect against.Click To Tweet

Threats can be practically anything, but the most common ones you’ll fall victim to include:

  • Trojans
  • Ransomware
  • Spyware
  • Keyloggers
  • Worms

and to a much lesser degree:

  • Hackers that visit you IRL (in real life)


Risk is the potential for loss, damage, or destruction of an asset due to a threat exploiting a vulnerability.

Risks are the intersection between assets, threats, and vulnerabilities.Click To Tweet

Risk is the most complex to understand since it is a constantly moving and evolving factor. However, this also makes it the term that is most critical in today’s exercise.

Why does it matter if I use vulnerabilities vs threats vs risks? Are the nuances really that important?

The reason why these distinctions are important is that once you understand how the three terms are related, you can understand how best to protect your company.

For example, if there are no vulnerabilities in your system, there could be any number of potential threats in the environment but there would be no risk to your assets, since there are no vulnerabilities for those threats to exploit.

On the other hand, if you have significant vulnerabilities in your security system, the greater the number of threats in the environment, the greater risk to your company assets.

Due to this relationship between vulnerabilities, threats, and risk, the lower the vulnerabilities, the safer you’ll be regardless of potential threat actors in the environment.


Hopefully, I’ve convinced you on the nuances of assets and vulnerabilities vs threats vs risks.

In the hopes of better educating ourselves on the THREATS factor, be sure you sign up for my threat intelligence website for small and medium businesses.

Threat intelligence and how it relates to your startup >>

If you found this post helpful, please be sure to share it with your peers. Online security benefits us all and will only become more critical as technology’s presence grows in our community.

Get informed. Stay safe.


Leave a Reply

Your email address will not be published. Required fields are marked *