What is the difference between a threat and an attack? How do exploits relate to vulnerabilities? Is there an ethically acceptable reason to study and use the various attack methods described in this module?
A threat is a potential action that could cause damage or exploit a vulnerability. Threats can come from single people making statements to entire organizations. Some threats involve simply sharing private information, malware, or hardware and software issues. These are occurrences where there is potential for harm, but nothing specific has happened yet to cause that harm. An attack, by contrast, is the actual exploitation of a vulnerability in a system. DoS, phishing, and brute-force password attacks are a few of the many attacks that exploit vulnerabilities in systems and people to stop a network from functioning.
Exploits are tied to vulnerabilities: an exploit exists only once a vulnerability exists. The purpose of an exploit is to make use of a vulnerability to carry out an attack, which can take different forms. This can be installing malware, encrypting an entire system to prevent users from accessing it, or using other attack methods. It’s acceptable to study and use the many attack methods mentioned because that information is critical for fortifying systems against those attacks in the future, as well as for educating others to protect themselves.