4 Essential Security Terms: Assets and Vulnerabilities vs Threats vs Risks

Assets

Simply put, assets are what your company is trying to protect.

Assets are your company’s property, people, and information.

More on assets >>

Property

Your company property consists of both tangible and intangible items. These are generally assigned a value. Anything such as devices, vehicles, and even land can be company assets.

Intangible assets include reputation and proprietary information.

People

Information

Vulnerabilities vs Threats vs Risks

Vulnerabilities

Vulnerabilities are weaknesses or gaps in the company’s security systems that can be exploited by a threat.

Vulnerabilities can be found in your software, hardware, or even employee training.

Employee training

Training employees in effective security can go a long way in keeping your company safe. These ongoing trainings can include the dangers of:

• installing unapproved programs on the computer. Even programs as simple as desktop backgrounds (potential malware)
• holding the door open for people without their company ID. Piggybacking is a technique used by hackers to gain access to physical security.
• visiting dangerous websites on the company computer,
• or leaving the device logged in when you’re away from your desk

And so many more potential dangers. Treating your employees as helpful people will help them be proactive in preventing a cyberattack.

Hardware

Hardware vulnerabilities can be found in:

• subpar or outdated routers
• single locks on doors instead of deadbolts
• devices that can easily be picked up and stolen. This would be theft but also a cyberattack if they use the device to access company information.

Software

Vulnerabilities when it comes to software might come in the form of:

• bootlegged software with a backdoor into your system
• programs behind on their software updates or operating systems lacking in OS updates
• unsecured WiFi routers

Threats

Threats are anything that can exploit a vulnerability. This can be done intentionally or accidentally, and is meant to obtain, damage, or destroy an asset.

Threats can be practically anything, but the most common ones you’ll fall victim to include:

• Trojans
• Ransomware
• Spyware
• Keyloggers
• Worms

and to a much lesser degree:

• Hackers that visit you IRL (in real life)

Risks

Risk is the potential for loss, damage, or destruction of an asset due to a threat exploiting a vulnerability.

Risk is the most complex to understand since it is a constantly moving and evolving factor. However, this also makes it the term that is most critical in today’s exercise.

Why does it matter if I use vulnerabilities vs threats vs risks? Are the nuances really that important?

The reason why these distinctions are important is that once you understand how the three terms are related, you can understand how best to protect your company.

For example, if there are no vulnerabilities in your system, there could be any number of potential threats in the environment but there would be no risk to your assets, since there are no vulnerabilities for those threats to exploit.

On the other hand, if you have significant vulnerabilities in your security system, the greater the number of threats in the environment, the greater risk to your company assets.

Due to this relationship between vulnerabilities, threats, and risk, the lower the vulnerabilities, the safer you’ll be regardless of potential threat actors in the environment.

TL;DR

Hopefully, I’ve convinced you on the nuances of assets and vulnerabilities vs threats vs risks.

In the hopes of better educating ourselves on the THREATS factor, be sure you sign up for my threat intelligence website for small and medium businesses.

Threat intelligence and how it relates to your startup >>

If you found this post helpful, please be sure to share it with your peers. Online security benefits us all and will only become more critical as technology’s presence grows in our community.

—

Get informed. Stay safe.

theWhiteHatHACKER