Sean
A “Threat Vector” is the path that a hacker or a malware application might take to get past your defenses and compromise your data.
The 6 main threat vectors (points of entry) include:
- Network – The perimeter of your network, usually protected by something like a firewall.
- User – Attackers often use social engineering and social networking to gather information and trick users into opening a pathway for an attack into a network.
- Email – Phishing attacks and malicious attachments target the email threat vector.
- Web Application – SQL Injection and Cross-Site Scripting are just two of the many attacks that take advantage of an inadequately protected Web Application threat vector.
- Remote Access – A corporate device using an unsecured wireless hotspot can be compromised and passed on to the corporate network.
- Mobile – Smartphones, tablets, and other mobile devices can be used as devices to pass malware and other attacks on to the corporate network. Additionally, mobile malware may be used to steal useful data from the mobile device.
Your “Attack Surface” is all the publicly and privately-exposed nexus points between your company’s data and the human or software-driven interfaces of your company. In essence, it’s all your threat vectors put together.
