Understand attack vectors
Cybercriminals use various means to carry out cyberattacks. Fully understanding concepts like threat landscape and attack vectors helps to build a foundation for developing strong cybersecurity policies.
The cyber threat landscape includes all potential cybersecurity threats that might affect an organization's assets. Threat landscapes are ever-evolving. For example, 2020's shift to work-from-home resulted in a heightened threat landscape for many organizations. The threat landscape covers more than just computers and mobile devices. It can include any element owned or managed by an organization—even items not owned or managed by the organization such as:
- Email accounts
- Social media accounts
- Mobile devices
- The organization's technology infrastructure
- Cloud services
- People
Cybercriminals are aware of an organization's threat landscape and use any means possible to carry out cyberattacks. They look for any entry point to gain access to a system. These entry points are called attack vectors and cybercriminals use them to start a security breach. Eight common attack vectors are:
- Email – Email is perhaps the most common attack vector. Cybercriminals send email messages that look legitimate to entice users to select a link or download a file that will compromise a device or system.
- Social media – Monitoring social media accounts is another route cybercriminals use to gain access to information or resources.
- Removable devices – Cybercriminals use removable media like USB drives, smart cables, or storage cards to compromise devices. The removable media may hold malicious code that, when plugged into a device, destroys data or records important information like usernames and passwords.
- Browsers – As web browsers have become a regular part of everyday life and work, cybercriminals frequently use websites and browser extensions that download malicious software or change a user's browser settings to provide an entry point to a system or network.
- Cloud services – As organizations rely more on cloud services for day-to-day activities, cybercriminals look for compromised credentials to gain control of content accessible in the cloud.
- Insiders – Whether intentionally or unintentionally, people can serve as attack vectors. Cybercriminals use social engineering practices to exploit a human's reliance on trust by pretending to be a person of authority in an organization. An employee may unintentionally select a link or send important information through email to a fraudster. In some cases, employees with authorized access may intentionally use their credentials to cause harm.
- Devices – As the workforce becomes more mobile and employees use multiple devices to do their jobs (phones, laptops, and tablets), the opportunity for these devices to land in the hands of cybercriminals increases, making devices themselves attack vectors.
- Wireless – Another common attack vector is an organization's wireless network. Cybercriminals often tap into unsecured wireless networks to look for vulnerabilities.