In cybersecurity, a threat is the potential occurrence of an undesirable event that can eventually damage or disrupt the operational and functional activities of a company or organization. Some examples are an attacker stealing sensitive data, infecting a system with malware, and data tampering. In order to realize their intentions, threats need vectors. A threat vector is a medium through which an attacker gains access to a system by exploiting identified vulnerabilities.
Some of the most common threat vectors used by adversaries are as follows.
- Direct/physical access: With direct access to our computing devices, an attacker can perform many malicious activities, such as installing malicious programs, copying large amounts of data, or modifying device configuration.
  Protection: We should implement strict access control and restriction.
- Removable media: Devices like USB flash drives, smartphones, or IoT devices may contain malicious programs that run when they are attached to other devices or networks.
  Protection: Autorun functionality should be disabled, and endpoint security solutions like anti-virus or Windows Defender must be enabled.
- Wireless: An unsecured wireless network can be exploited to initiate attacks.
  Protection: Implement a strong encryption protocol.
- Email: A phishing attack or a message with malicious intent is often delivered through email.
  Protection: Implement robust email filtering and anti-phishing solutions.
- Cloud: This can be malicious modules implanted in a cloud environment (SaaS, PaaS, virtual machines, etc.) or the exploitation of a cloud account with poor security.
  Protection: We should only use reputable cloud providers and implement encryption for sensitive data.
- Malware: Installing malware such as viruses, ransomware, or Trojans usually needs another vector or attack technique, like a phishing email.
  Protection: Employ anti-virus or intrusion detection & prevention systems (IDPS).
- Supply chain: Our systems or applications may use libraries provided by third parties that adversaries may have compromised.
  Protection: We should perform software composition analysis (SCA) on our applications and regularly monitor supply chain partners.
- Business partners: Third-party vendors may threaten our organization if we don't employ best practices in cybersecurity.
  Protection: We should always have an agreement for granting access or sharing data with partners and use secured communication channels.
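
For the removable-media item above, "Autorun should be disabled" can be checked rather than assumed. The following is an added example, not part of the original post: it decodes the Windows `NoDriveTypeAutoRun` policy bitmask and reports which drive types still allow AutoRun. The function names and the sample values are constructed for illustration.

```python
# Added example: audit the Windows NoDriveTypeAutoRun policy bitmask.
# A set bit disables AutoRun for that drive type; bit = 1 << GetDriveType() value.
# (Bit 0x02, "no root directory", is not a real drive type and is not listed.)
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable (USB flash drives)",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/unknown",
}
REMOVABLE = 0x04
ALL_DRIVES = 0xFF
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def audit_autorun(mask):
    """Return (drive types where AutoRun is still allowed, verdict)."""
    enabled = [name for bit, name in DRIVE_BITS.items() if not mask & bit]
    if mask & ALL_DRIVES == ALL_DRIVES:
        return enabled, "PASS: AutoRun disabled on all drive types"
    if mask & REMOVABLE:
        return enabled, "WARN: removable media covered, other types are not"
    return enabled, "FAIL: AutoRun still allowed on removable media"


def read_policy():
    """Read the machine-wide value; None when unset or not on Windows."""
    try:
        import winreg
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
            return winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0]
    except (ImportError, OSError):
        return None


if __name__ == "__main__":
    # Constructed sample values, followed by the live value if one is readable.
    for sample in (0x91, 0x95, 0xFF, read_policy()):
        if sample is None:
            print("live value: not set (OS default applies) or not Windows")
            continue
        still_on, verdict = audit_autorun(sample)
        print(f"{sample:#04x} -> {verdict}; still allowed: {still_on}")
```
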