Three of the most commonly confused terms are risk, threat, and vulnerability. Mixing up these terms clouds your ability to understand how the latest vulnerability management tools and technologies work, and impedes communication with other security (and non-security) professionals. The distinctions may be fundamental, but they’re also important. Here, we’ll explain what they mean and why they’re important.
In a nutshell, risk is the potential for loss, damage, or destruction of assets or data caused by a cyber threat. A threat is a process that magnifies the likelihood of a negative event, such as the exploitation of a vulnerability. And a vulnerability is a weakness in your infrastructure, networks, or applications that potentially exposes you to threats.