Threat Vector
A path or method via which a threat gains access to a victim computer or network.
Security control is countermeasures that a company can implement to detect, prevent, reduce, or counteract security risks.
Attack Surface
The combined sum of the different points within an organisation that a malicious cyber actor can use to mount an attack.
Supply chain vulnerabilities have the ability to sit behind all of the threat vectors that we have discovered.
What is the Attack Surface?
When we talk about the attack surface within the context of cyber threat intelligence, what we mean is the sum total of all the ways a malicious actor or hacker could potentially gain unauthorised access to a target system or network. This includes everything from the visible interfaces like websites or apps, to the underlying protocols and technologies that enable communication and data exchange.
Think of it like a house - the attack surface would be all the doors, windows, vents, and any other potential points of entry that someone could use to break in. In the same way, the attack surface in cyber security refers to all the entry points a hacker could use to gain access to a target’s sensitive information.
So, the goal of understanding the attack surface is to identify the potential weaknesses in a system and prioritise the most pressing threats. This information is then used to inform and guide the development of mitigation strategies that can help prevent successful attacks and keep the target system and its data secure.
The SolarWinds Hack
Arguably one of the largest and most complex attacks in recent times, the SolarWinds hack took the world by storm towards the end of 2020.
It wasn’t just one organisation that suffered at the hands of this hack though. SolarWinds develops software for businesses to help manage their networks globally. The hack triggered an incident that affected thousands of organisations and even included the United States government.