Understanding what a threat vector is and why it's important is a part of modern healthcare that can't be overlooked. The internet and digital revolutions have changed healthcare and patient engagement in positive ways, but they have also introduced an unprecedented level of risk with cyberattacks.
At best, an attack can be a nuisance; at worst it can ruin a business and put people's lives at risk—especially in healthcare.
In this post, we'll take a step back and more broadly examine the how and why of cyberattacks by focusing on threat vectors (also called attack vectors).
By recognizing and minimizing threat vectors, organizations are able to block several attack methods at once, saving time, money, and stress.
A threat vector is a path or means by which a cybercriminal gains access to a computer system, through one or more of six main routes, by exploiting a vulnerability in that route (also called an attack surface).
A system can be attacked for passive reasons (an attempt to gain or use information without affecting the system) or active reasons (a direct attempt to alter a system or affect its operations).
The list of threat vectors continuously grows as hackers discover new methods to exploit people and system vulnerabilities to deliver malicious software, access sensitive data, or access operating systems.
Threat vectors are categorized as either programming or social engineering. Both programming and social engineering threat vectors can be employed simultaneously and fluidly, so it is necessary to broaden how organizations approach cybersecurity.
| Programming Threat Vectors | Social Engineering Threat Vectors |
| --- | --- |
| Viruses | Instant messages |
| Trojans | Text messages |
| Malware/ransomware | Chat room messages |
| Macros | Poor password protection |
| Pop-ups | Phishing |
| Bogus email attachments or web links | Baiting |
| Drive-by-downloads | Spoofing |
| Rootkits | Cybersquatting (e.g., typosquatting) |
| SQL injection | Man-in-the-middle or session hijacking |
| Unpatched vulnerabilities | Credential reuse |
| Brute force/cracking | Domain shadowing or hijacking |
| Distributed denial-of-service (DDoS) | Malvertising |
| Misconfigured cloud services like Google Cloud, Amazon Web Services (AWS) | Disgruntled employees |
In order to gain access to a system through one or more of the six routes, a hacker uses common attack vectors to:
Hackensack Meridian Health learned this firsthand in December 2019 when its system was breached and encrypted after a ransomware attack.
Once the cybercriminal(s) identified Hackensack and realized that email security was lax, it was easy to utilize a ransomware threat vector to infiltrate, encrypt data, and demand a ransom.
Today, the weakest route into any computer system is through email, and it is what many threat vectors focus on.
A major reason for this is the human factor.
Email filtering tools can block a lot of malicious messages, but if even one gets through, a single inadvertent click is enough to grant a hacker unauthorized access.
Furthermore, breaches and leaks of sensitive data are not limited to outside attacks; some are caused by employees sending sensitive information in unsecured email messages.
This has proven especially true in healthcare, where the majority of breaches are caused by email, according to the Health and Human Services (HHS) Breach Portal.
It is imperative, therefore, to change the way we approach information security, from focusing on specific events to aiming at threat vectors.
Healthcare, for example, is one of the most vulnerable industries with a lucrative payoff and a large set of threat vectors.
These threat vectors include legacy and medical devices with patch vulnerabilities, an increased reliance on internet-of-things (IoT) devices, business associates with flimsy security and access to protected health information (PHI), and overworked employees reached through social engineering.
By learning about and focusing on threat vectors, healthcare organizations (and all industries) can proactively strengthen security for all six entry routes.
Even without knowing the who or when of a cyberattack, identifying threat vectors as early as possible provides an organization with the what, where, and how in order to create a solid information security program.
Hackensack may have gotten off luckier than other organizations, as its hacker(s)' end game was monetary.
Some targeted organizations are instead seized to abet public-wide attacks.
Others become victims of corporate espionage on behalf of another country (like the Chinese hacking group APT10, believed to be working for China’s Ministry of State Security).
Such reasons are why the federal government has increased its assessments and fines against noncompliant organizations, and why it is so important to understand threat vectors in conjunction with attacking methods rather than focus on each specific breach individually.
Once the vulnerable threat vectors are identified, strong cybersecurity can decrease the number of attack surfaces a cybercriminal can use.
No single method alone is foolproof. Just as there are multiple threat vectors, there should be multiple layers of security and protection.
Learning more about threat vectors and how cybercriminals use them is necessary in order to safeguard your organization and improve your security posture.
Paubox Email Suite Plus can help mitigate inbound email threats by utilizing hundreds of checks on each incoming email to protect you against malicious attacks.
Display name spoofing has become a headache for every organization and represents 91% of phishing attacks. Paubox's patent-pending ExecProtect feature immediately identifies and quarantines attacks, never letting them get to the inbox.
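One way to check a From header for display name spoofing, added here as an illustration; it is not Paubox's ExecProtect code. The protected names, the trusted domain `hospital.example` and the sample headers are constructed assumptions.

```python
import re
import unicodedata
from email.errors import HeaderParseError
from email.header import Header, decode_header, make_header
from email.utils import parseaddr

# Hypothetical values for illustration: protected staff names and own domains.
PROTECTED_NAMES = {("dana", "whitfield"), ("luis", "ortega")}
TRUSTED_DOMAINS = {"hospital.example"}


def _name_key(display: str) -> tuple:
    """Fold width, case and token order so 'Whitfield, Dana' matches 'dana whitfield'."""
    folded = unicodedata.normalize("NFKC", display).casefold()
    return tuple(sorted(re.findall(r"\w+", folded)))


def check_from_header(raw_from: str) -> str:
    """Classify one From header as 'ok', 'address-in-name' or 'spoofed-name'."""
    # Parse first, decode second: decoded characters must never alter the address.
    display, address = parseaddr(raw_from)
    try:
        display = str(make_header(decode_header(display)))
    except HeaderParseError:
        pass  # keep the raw display name if the encoded-word is malformed
    domain = address.rpartition("@")[2].lower()
    # Assumption: SPF/DKIM/DMARC was already enforced upstream, so a trusted
    # From domain seen here is genuine.
    if domain in TRUSTED_DOMAINS:
        return "ok"
    # Display name that shows an address from a trusted domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display.casefold())
    if shown and shown.group(1).strip(".") in TRUSTED_DOMAINS:
        return "address-in-name"
    # Protected person's name paired with an outside address.
    if _name_key(display) in PROTECTED_NAMES:
        return "spoofed-name"
    return "ok"


# Constructed sample headers (not real traffic).
SAMPLES = [
    "Dana Whitfield <dana.whitfield@hospital.example>",
    '"Whitfield, Dana" <dwhitfield.office@freemail.example>',
    Header("ＤＡＮＡ Whitfield", "utf-8").encode() + " <pay@freemail.example>",
    '"dana.whitfield@hospital.example" <billing@freemail.example>',
    "Vendor News <news@vendor.example>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{check_from_header(sample):16} {sample}")
```

Messages classified as anything other than `ok` would be quarantined for review rather than delivered.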
Paubox Email Suite Plus is constantly improving and uses new approaches to detecting threats, such as checking the sender's domain age and leveraging Google's Safe Browsing API to stay ahead of threats that may not yet be on blacklists.
Paubox secures nearly 70,000,000 emails each month for over 4,000 healthcare customers. Our security features are patented and the technology we use to protect your organization is HITRUST-CSF certified.
All three of the powerful security features below are included in our Paubox Email Suite Plus and Premium. Try them along with a robust array of other threat vector solutions that are designed to shrink healthcare's attack surface at no risk.
EXEC PROTECT
1. Patented tech that prevents employees from being tricked by filtering phishing, display name spoofing attacks and ransomware.
GEO-BLOCKING
2. Quarantine emails from IP addresses originating from countries that send high volumes of spam or malicious emails.
ZERO-TRUST
3. A patented and proprietary algorithm that adds a personalized layer of authentication to filter out suspicious emails.