An attack vector is a path or means by which a hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.

Attack vectors enable hackers to exploit system vulnerabilities, including the human element.

Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception. All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses.

To some extent, firewalls and anti-virus software can block attack vectors. But no protection method is totally attack-proof. A defense method that is effective today may not remain so for long, because hackers are constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized access to computers and servers.

The nine basic attack threats include:

  1. malware attacks
  2. device loss or theft
  3. distributed-denial-of-service (DDoS) attacks
  4. payment card skimming
  5. web app attacks
  6. cyber-espionage
  7. point-of-sale intrusions
  8. insider theft and
  9. miscellaneous errors, such as sending emails with sensitive data to the wrong person.