Threat Vector

A threat vector is the method or pathway an attacker uses to gain access to your systems or deliver a malicious payload. Common threat vectors include email (phishing), web browsers (drive-by downloads), remote access services (VPN exploitation), removable media (USB attacks), supply chain (compromised software updates), and social engineering (manipulating people).

Understanding your threat vectors helps you prioritize defenses. If most attacks against defense contractors come through email (they do), then investing in email security, phishing training, and email authentication provides high-impact protection.

Why It Matters

CMMC requirements address all major threat vectors — email filtering, web security, access controls, media protection, and security training. Understanding which vectors are most commonly exploited helps you prioritize implementation and focus on the highest-risk areas first.