Capterra Logo
Helping businesses choose better software since 1999

Capterra Glossary

Passive Attack

A passive attack is a term used in the cybersecurity industry to describe a cyber attack in which a cybercriminal monitors a computer system and scans it for vulnerabilities. Rather than interacting with the system, these cybercriminals simply read emails, tap into a systemʻs microphone, track internet usage, and use other tactics to eavesdrop on the activities of a computer user. Cybercriminals use the sensitive user information gathered from a passive attack for future, more direct system attacks. For instance, in the case of a company data breach, stolen employee login information gained from a passive attack is used to gain access to sensitive company files. Corporations typically follow cybersecurity best practices, such as refraining from downloading suspicious attachments, clicking unverified links, and acting on phishing emails to avoid passive attacks.

What Small and Midsize Businesses Need to Know About Passive Attack

Small to midsize corporations often lack the robust cybersecurity protections that large corporations tend to possess. Due to this, they are often targeted by cyberhackers more frequently than larger enterprises. To mitigate the threat of cyberhacking attacks, small and midsize corporations should require their employees to encrypt important business files and folders when saving and sharing files over a company network. This way, even if a passive attack occurs, the attacker will not be able to gain any sensitive company information. Small businesses should also download firewalls on their company workstations to block phishing emails and other suspicious activities that could result in a passive attack.

Related Terms