
Understanding your organisation’s attack surface and why it poses a risk

by Vincent Thiele Blog 3 Jun 2021

Your attack surface is the sum of the exposed and internet-facing assets, and the associated risks a hacker can exploit to carry out a cyber-attack. Over the past decade or so, that attack surface has changed dramatically. Long gone are the days when the only things exposed to the outside world were your website and your mail server.

Today, increased complexity means that many organisations have huge attack surfaces – in fact, we believe that the attack surface has grown by around 1000% in the past 10 years.

A constantly changing problem

If that wasn’t enough of a challenge in itself, the modern attack surface is constantly evolving. The explosion of connected technologies means there are a host of new threat points within organisations: from third-party SaaS and IaaS providers, to VPNs, and from marketing partners who run campaigns and build infrastructures for you to the challenges of BYOD and shadow IT.

On top of this, the agile development world of DevOps is an additional challenge with apps being central to most financial institutions’ business models. The use of bi-weekly sprints and continuous deployments means infrastructures are in an almost constant state of change. 

Below is just a quick snapshot of some of the areas where different departments can make changes to your attack surface under the radar and that you need to be aware of when trying to protect your data: 

  • Cloud adoption, migrations – Exposed assets and storage buckets
  • Development Team – New assets and testing
  • Networks – New netblocks and advertisements
  • Marketing – New subdomains for landing pages hosted at design companies
  • Sales – Campaigns and e-commerce
  • IT operations – Configuration changes, patching, new assets, and services
  • Security – Fixes, agent deployments, new assets
  • Mergers and Acquisitions – Risk associated with newly acquired assets
  • Subsidiaries – Complexities of assets not controlled
  • Supply Chain Risk – Hosting providers, third parties

And that’s without taking into account the effects of the Covid pandemic. New working practices have changed infrastructure, and the turbo-boost given to digital transformation has driven a rapid shift to the cloud of everything from HR services to core business applications. Together, these have added a whole new layer of possible weak points and attack vectors for organisations.

Every one of these factors increases the risk of your business’s data being compromised in some way. 


Attackers are changing too

But it’s not just the proper indexing and management of new assets that you need to be concerned about. Attackers are getting more and more sophisticated in the techniques and technologies they use to locate and exploit vulnerabilities, and different areas of exploitation are appearing all the time.

Many companies already deploy a range of both defensive and offensive techniques to defend their networks from cyber attacks, including advanced, complex and expensive Threat Intelligence teams that track campaigns run by cyber criminals.

However, even if you do have the money and resources to create skilled teams like this, something as simple as a web server with an exploitable vulnerability can easily go unnoticed, leaving it open for a threat actor to exploit that asset. And in the end, manually checking and fixing every little misconfiguration is not the kind of repetitive work you employ an expert team for. 

Don’t be undone by simple mistakes

Malicious actions or just simple mistakes are almost impossible to track and control, and they can result in the most extensive exposures to a business. There are constant examples of configuration changes that resulted in regulatory breaches or opened vulnerabilities that were then exploited. Security teams will focus on external and internal actors, but monitoring the resulting changes requires an external view.

With your attack surface moving and changing all the time, it is crucial to be in control of this on a day-to-day basis, and to understand the risks posed to your organisation. Yet, having the comprehensive overview that allows you to be in control and to protect against threat actors has seemingly never been more difficult to achieve.

If your organisation continues to take an inside-out approach to your security, you will not be able to see the blind spots that will ultimately introduce the brand's biggest risk. Instead, you can see how a threat actor sees your business and your brand by deploying an effective attack surface solution that gives you a comprehensive view of where your possible threats are.

Ultimately, this allows you to take back control of your attack surface by monitoring risk, confirming changes have been made, and monitoring security policy governance. Such an automated solution will not only help detect the biggest security threats, but will also provide the insights into your overall attack surface, giving you all the data needed to take your security to the next level. 

To find out how you can easily achieve effective attack surface monitoring for your organisation, download our free whitepaper, Tackling the Exponential Growth of the Attack Surface – Why you need to know what you have, where it is, and what it’s doing.
