Threat Vector
What is Threat Vector?
Channel or means through which a threat actor can deliver an attack, often used interchangeably with attack vector but with a broader, threat-modelling connotation.
A threat vector is the medium that allows a threat to reach an asset: email, web traffic, removable media, network protocols, third-party software updates, physical access, or insider trust. While attack vector emphasises the specific technique used in an incident, threat vector is used during threat modelling and risk assessment to enumerate channels worth defending. NIST and ENISA threat catalogues categorise threats by vector so that controls can be allocated systematically. A single threat actor typically operates across multiple threat vectors, so defenders combine email security, network segmentation, supply-chain hygiene, physical controls, and insider-risk management to cover them.
● Examples
- 01: Email is the dominant threat vector for ransomware initial access.
- 02: Removable media is a common threat vector in air-gapped environments (e.g., Stuxnet).
● Frequently asked questions
What is Threat Vector?
Channel or means through which a threat actor can deliver an attack, often used interchangeably with attack vector but with a broader, threat-modelling connotation. It belongs to the Compliance & Frameworks category of cybersecurity.
How do you defend against Threat Vector?
Defences for Threat Vector typically combine technical controls and operational practices, as detailed in the full definition above.
● Related terms
- Attack Vector (compliance, № 073): Specific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials.
- Attack Surface (compliance, № 071): Sum of all points where an attacker can attempt to enter, extract data from, or manipulate a system, including networks, software, identities, supply chain, and people.
- Threat Landscape (compliance, № 1149): Current picture of the threats facing an organization, sector, or region: actors, tactics, malware families, vulnerabilities, and trends over time.
- Threat Modeling (appsec, № 1150): A structured analysis that identifies the assets, threats, vulnerabilities and mitigations of a system so security can be designed in rather than bolted on.
- Supply Chain Attack (attacks, № 1116): An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.
- Phishing (attacks, № 821): A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.