Your Incident Response Plan Depends on Knowing Your Attack Vectors


by Brian Engle, CISO

Similar to businesses, attackers have goals that they set out to achieve. Depending on the attacker, the goals may vary, but ultimately, to accomplish those objectives, an attacker has to use an attack vector to break through defenses. Network defenses and cybersecurity protections are the starting point for closing potential attack vectors, but defenses are never perfect, and attackers eventually succeed, and do so with increasing frequency.

As businesses expand their use of technology, the attack surface increases and so too does the number of possible attack vectors. Understanding what these attack vectors are and how to properly analyze them is a crucial part of any cybersecurity effort. An unprotected attack vector becomes the blind spot that leaves a business vulnerable to damaging attacks.

An attack vector is best described as any way in which a hacker can evade protections. Sometimes these attack vectors are used to gain access to a computer or network server, exploiting system vulnerabilities or causing a malicious outcome. At other times the attack vector is a resource that cannot keep up with demand, as in an attack aimed at overwhelming the available resources. Still other vectors take advantage of people, tricking them into opening the hole that the attacker needs to reach what they are after. Attack vectors include, but are not limited to, malicious software and viruses, e-mail attachments, website content and pop-up windows, and social media forums. Deception is often a key component, hiding the attack inside what seems typical and normal to an end user.

Cybersecurity professionals are flooded with information daily, which makes identifying the most significant risks a challenge. In fact, most organizations are subject to malicious attack from multiple vectors. Firewalls and anti-virus software can help block attack vectors, but no protection method is fully attack-proof, especially in the escalating arms race between attackers and defenders. That’s why a key aspect of a complete cybersecurity program is a good Incident Response Program. Part of the Incident Response Program is evaluating exposure areas and attack surfaces and considering how attackers will evade the protections. Conducting a thorough assessment ensures that you’re considering all potential attack vectors, and conducting incident detection and response exercises helps you continually test your capabilities.

Based on our years of experience working with clients to identify cybersecurity risks and immediate threats, here are the areas we typically analyze for visibility into potential attacks:

  • Data flows and connected networks
  • Web services and applications
  • Email systems, processes that depend on email, impersonation and spoofing
  • Remote Access and VPN Systems
  • External and Removable Media
  • Social Engineering
  • Social Networks and Public Information
  • Insider Activities and Improper Usage
  • Loss or Theft of Equipment
  • Cybersecurity Tools and Utilities – yes, the protection systems can introduce new attack vectors


Understanding which systems can be accessed by threat actors is a critical component of detection. Don’t overlook your partners and supply chain when you’re evaluating attack vectors. All of the vectors in the list above may be distributed across numerous vendors and participants in an organization’s supply chain. Unfortunately, as we’ve seen in many recent high-profile data breaches, capable attackers will find the weakest link in the chain, and the attack vector may not be a direct route through the organization’s own systems.

Detection is key and relying only on your protection devices to raise the alarm will leave attack vectors open. So be prepared and consider the cracks in the armor that may be attacked – knowing your attack vectors will help you detect and respond. Ensure your Incident Response Plan includes learning and knowing your attack vectors.



About the author

Brian Engle

Brian Engle is the CISO and Director of Advisory Services, a role in which he leads the delivery of strategic consulting services for CyberDefenses's growing client base with risk management support, information security program assessment and cybersecurity program maturity evolution. Prior to working at CyberDefenses, he was the founder and CEO of Riskceptional Strategies, a consulting firm focused on enabling the development of successful strategies for implementing, operating, and evolving risk-based cybersecurity programs. Brian’s previous information security roles include Executive Director of Retail Cyber Intelligence Sharing Center (R-CISC), CISO and Cybersecurity Coordinator for the State of Texas, CISO for Texas Health and Human Services Commission, CISO for Temple-Inland, Manager of Information Security Assurance for Guaranty Bank, and Senior Information Security Analyst for Silicon Laboratories. Brian has been a professional within Information Security and Information Technology for over 25 years, and serves as a past president and Lifetime Board of Directors member of the ISSA Capitol of Texas Chapter, is a member of ISACA, and holds CISSP and CISA certifications.