Intrusion

Definition

In cybersecurity, an **intrusion** is any unauthorized entry into a computer system, network, or application. It’s the digital equivalent of someone breaking into a building — except instead of forcing a door, the attacker exploits vulnerabilities, steals credentials, or tricks users into letting them in.

An intrusion doesn’t have to mean data was stolen or systems were damaged — it simply means the attacker gained access without permission. From there, they might:

* Steal data
* Deploy malware or ransomware
* Move laterally through the network
* Install backdoors for future access

Intrusions can happen through:

* **Technical exploitation** – Using software vulnerabilities, weak passwords, or misconfigurations.
* **Social engineering** – Phishing, pretexting, or other human-focused tactics.
* **Physical access** – Plugging malicious devices into systems on-site.

In investigations, detecting an intrusion often involves:

* Reviewing **logs** for suspicious login attempts or anomalies
* Monitoring for **new processes** or unusual network connections
* Spotting **changes in configurations** or the presence of unauthorized tools
* Correlating multiple small clues (failed logins, suspicious file creation, odd PowerShell commands) into a bigger picture

Intrusion

Definition

Explore More Terms