An attack surface is a point of attack. InIT security engineering, it refers to the points of attack that an attacker can use to launch an attack on a computer, system, or network and gain unauthorized access.
Every point of interaction is a potential attack surface. Open ports as well as resources of untrusted users or the Internet in general. As for the users themselves, there are various human vulnerabilities, the Human Attack Surfaces. These include terminated or sick employees, negligent or malfunctioning employees, or dependence on social networks.