Cybersecurity Threats vs Vulnerabilities Explained

In IB Computer Science, vulnerabilities explain why a threat can succeed.

The Relationship Between Threats and Vulnerabilities

A key IB concept is that:

• Threats exploit vulnerabilities

A threat alone does not cause harm unless:

• A vulnerability exists

Similarly:

• A vulnerability may exist without being exploited

Damage occurs only when both are present.

Example Scenario

Consider an online school system:

• Threat: A hacker attempting to access student data
• Vulnerability: Weak password policies

The hacker can succeed because the vulnerability exists.

IB exam answers should always link the two together.

Why This Distinction Matters

Understanding the difference allows organisations to:

• Identify risks accurately
• Apply appropriate security measures
• Prioritise fixes

For example:

• Removing vulnerabilities reduces risk
• Threats cannot always be eliminated

IB students should recognise that security focuses heavily on reducing vulnerabilities.

Threats vs Vulnerabilities vs Controls

In security analysis:

• Threats describe potential attacks
• Vulnerabilities describe weaknesses
• Controls describe protections

Controls include:

• Firewalls
• Encryption
• Access control
• User training

IB examiners reward students who can place each concept in the correct role.

Common Types of Vulnerabilities

Students should be familiar with:

• Weak authentication
• Poor access control
• Software bugs
• Human error

These are often easier to fix than eliminating threats.

Common Student Mistakes

Students often:

• Use threats and vulnerabilities interchangeably
• Describe attacks as vulnerabilities
• Ignore the link between them
• Give lists without explanation

Clear cause-and-effect explanations earn higher marks.

How This Appears in IB Exams

IB questions may ask students to:

• Identify threats and vulnerabilities in a scenario
• Explain how a threat exploits a vulnerability
• Suggest appropriate security controls
• Evaluate system risk

Correct classification is essential.

Final Thoughts

Cybersecurity threats represent potential sources of harm, while vulnerabilities are weaknesses that allow those threats to succeed. Security failures occur when threats exploit vulnerabilities.

Understanding this distinction allows IB Computer Science students to analyse security scenarios clearly and logically — exactly what examiners expect.

Learn the differences between HDDs, SSDs, and NAS for IB Computer Science, including performance, cost, and use cases.