Information security threats are actions or tools that cybercriminals use to cause data breaches of information systems. Their intent is usually data theft, data corruption, or disruption of business services and systems.

Information security threats are not the same as information security risks. A risk is the likelihood that a threat will succeed. 

Think of it this way: Driving a car presents a risk of motor vehicle accident, while an erratically-driven vehicle—for instance, by a drunk driver—is a threat.

In cybersecurity, a variety of attack types may threaten a system, network or device. Many of these use malicious code, which is code that, upon infiltrating a system, network, or device, can wreak havoc on its ability to operate or provide the attacker with unauthorized access to sensitive data. Security software may not be able to detect the presence of malicious code in a device, system, or network.

Malicious code is found in these common places: computer viruses, worms, and Trojan horses.

Computer viruses insert themselves into a program, then spread from device to device. They are usually sent as attachments or links in “phishing” emails, and become activated when the recipient opens the file or clicks on the link. Viruses can cause damage to data or software and overload systems or websites with requests for service, causing “distributed denial of service” (DDoS) shutdowns.

Worms, like viruses, propagate and spread, but do not require someone to open a file to activate them. Instead, they infiltrate information systems via a vulnerability or use social engineering, which are tactics used to gain someone’s trust via social media or phone/voice calls (“vishing”) to get sensitive information such as credit card information or to trick people into activating them. Worms may use encryption, data wipers, and ransomware to damage their targets.

Trojan horses, or “Trojans,” are a kind of malicious software, or “malware,” that looks harmless—like the wooden horse filled with soldiers presented as a gift to the Trojans in Homer’s “The Iliad.” Once the target is tricked into loading the software and executing it, Trojans attack, and can create backdoors to allow cybercriminals access to the system. One commonly used malware is point-of-sale malware, which, once installed on a point-of-sale terminal, collects credit-card and debit-card information and sends it, unencrypted, to the cybercriminal.