Attack vectors vs attack surfaces: What’s the difference?

Home » Attack vectors vs attack surfaces: What’s the difference?

Attack vectors: Attack vectors are the various ways or methods by which hackers can gain unauthorized access to a network. They can be exploited by malicious actors to gain access to confidential information or to launch a coordinated cyberattack. Examples of attack vectors include phishing, compromised credentials or ransomware.

Attack surfaces: The entire set of points on the boundary of an organization’s system, a system element, or an environment where an attacker can try to enter, cause an effect on or extract data from the organization. Attack surfaces can be physical or digital.

Sources: csrc.nist.gov/ and securitytrails.com/