15.9.21

What is a cyberattack surface and how can you reduce it?


 Discover the best ways to mitigate your organization’s attack surface in order to maximize cybersecurity

 By Phil Muncaster

 In almost all coverage of modern breaches you’ll hear mention of the “cyberattack surface” or something similar. It’s central to understanding how attacks work and where organizations are most exposed. During the pandemic the attack surface has grown arguably further and faster than at any point in the past, and this has created its own problems. Unfortunately, organizations are increasingly unable to define the true size and composition of their attack surface today, leaving their digital and physical assets exposed to threat actors.

Fortunately, by executing a few best practices, these same defenders can also improve their visibility of the attack surface, and with it, gain enhanced understanding of what’s necessary to minimize and manage it.

What is the corporate attack surface?

At a basic level, the attack surface can be defined as the physical and digital assets an organization holds that could be compromised to facilitate a cyber-attack. The end goal of the threat actors behind it could be anything from deploying ransomware and stealing data to conscripting machines into a botnet, downloading banking trojans or installing crypto-mining malware. The bottom line is: the bigger the attack surface, the larger the target the bad guys have to aim at.

Let’s take a look at the two main attack surface categories in more detail:

The digital attack surface

This describes all of an organization’s network-connected hardware, software and related components. These include:

Applications: Vulnerabilities in apps are commonplace, and can offer attackers a useful entry point into critical IT systems and data.

Code: A major risk now that much of it is assembled from third-party components (libraries, packages, container images), which may contain vulnerabilities or deliberately malicious code.

Ports: Attackers routinely scan for open ports and for services listening on them (e.g. TCP port 3389 for RDP). If those services are misconfigured or contain bugs, they can be exploited. A port that nobody in the organization can explain is an attack surface nobody is defending.

Servers: These could be attacked via vulnerability exploits or flooded with traffic in DDoS attacks.

Websites: Another part of the digital attack surface with multiple vectors for attack, including code flaws and misconfiguration. Successful compromise can lead to web defacement, or implanting malicious code for drive-by and other attacks (e.g. formjacking).

Certificates: Organizations frequently let these expire, or lose track of which hostnames they cover. An expired certificate causes outages and trains users to click through browser warnings, and a forgotten certificate usually points at a host that nobody is maintaining.
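The Ports and Certificates items above are the two that a defender can check directly. The following is an added example, not code from the original article or from ESET: a minimal external attack-surface probe that TCP-connects to each port in a list, records any banner the service volunteers, labels ports that commonly appear in breach write-ups (the RISKY_PORTS table is my own, illustrative selection), and reports how many days a TLS certificate has left, working from the dict shape that Python’s ssl getpeercert() returns. The fake service and its SSH-style banner are constructed fixtures so the script runs offline; the class name Exposure and all function names are assumptions for this example.

```python
"""Minimal attack-surface probe (added example, not from the original article).

Run it only against hosts you are authorised to test.
"""
import socket
import ssl
import threading
import time
from dataclasses import dataclass

# Illustrative selection of services that routinely appear in breach write-ups
# when exposed to the internet (not a complete or authoritative list).
RISKY_PORTS = {
    21: "FTP: cleartext credentials",
    22: "SSH: password brute-forcing target",
    23: "Telnet: cleartext, usually legacy kit",
    445: "SMB: wormable, common ransomware entry point",
    3389: "RDP: brute-force and exploit target",
    5900: "VNC: often unauthenticated",
}


@dataclass
class Exposure:
    host: str
    port: int
    banner: str
    risk: str


def probe(host, port, timeout=1.0):
    """TCP connect scan of one port. Returns (is_open, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256).decode("utf-8", "replace").strip()
            except OSError:  # service expects the client to speak first
                banner = ""
            return True, banner
    except OSError:  # refused, filtered, or timed out
        return False, ""


def scan(host, ports, timeout=1.0):
    """Return one Exposure per listening port, labelled with why it matters."""
    found = []
    for port in ports:
        is_open, banner = probe(host, port, timeout)
        if is_open:
            risk = RISKY_PORTS.get(port, "unclassified: trace to an owner")
            found.append(Exposure(host, port, banner, risk))
    return found


def cert_days_left(cert, now=None):
    """Days until the 'notAfter' field of a getpeercert() dict; negative once expired."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])  # parsed as UTC
    now = time.time() if now is None else now
    return int((expires - now) // 86400)


def start_fake_service(banner):
    """Test fixture: listen on an ephemeral loopback port and send a banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_port():
    """A loopback port nothing is listening on (bound, then released)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    listening = start_fake_service(b"SSH-2.0-OpenSSH_9.6\r\n")  # constructed banner
    for e in scan("127.0.0.1", [listening, free_port()]):
        print(f"{e.host}:{e.port} open  banner={e.banner!r}  risk={e.risk}")
    print("days left:", cert_days_left({"notAfter": "Jan  1 00:00:00 2030 GMT"}))
```

A connect scan from outside shows what the internet sees; pair it with a listing of listening sockets from inside each host (for example `ss -ltnp` on Linux) and the difference between the two lists is usually where the surprises are. Every open port should be traceable to an owner and a reason, and every certificate to a renewal date, otherwise it belongs to the attack surface rather than the inventory.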

This is far from an exhaustive list. To highlight the sheer scale of the digital attack surface, consider this 2020 research into firms on the FTSE 30 list. 

Full article on www.welivesecurity.com