Cyber security, one of the most rapidly expanding industries today, is crucial to any business. Ranging from data loss prevention, identity management, incident response, and others to attack surface management.
Managing your organization’s attack surface is one of the most important dimensions of cyber security. This process need not be a manual task where specialists need to wade through endless lines of log files and firewall manifests. Platforms such as cyberpion.com, for example, can assist organizations in actively reducing their attack surface through real-time monitoring of high-risk assets.
When it comes to attacking surface management some common factors could be identified as catalysts that inevitably expand an organization’s attack surface. We will discuss only a few of those factors in this article.
Vulnerability Management vs Attack Surface Management
Attack surface management is a holistic term used to describe the various disciplines in cyber security where possible threats are identified and addressed. Vulnerability management, being one of its subsets aims to address vulnerabilities that exist internally on an organization’s infrastructure or cloud environment. Attack surface management, therefore, addresses both internal and external environments of an organization that might introduce weak points for threat actors to attack.
Factors that Increase your Attack Surface
Although thorough attack surface management can be executed on visible or clearly defined assets within the current security team’s vantage point, organizations often fall prey to data breaches through external technology or services that might have been overlooked. These are not always threats that originate from sources external to the organization’s ecosystem either. These threats can even be introduced into the ecosystem by employees acting without the oversight of the organization’s cyber security team.
Shadow IT
Organizations would have been able to manage their attack surface with great efficacy if human nature could have been eliminated from the hypothetical cauldron, we call cyber security today.
Shadow IT refers to the practice of users who disregard security policies relating to the use of unapproved applications and cloud services. The organization’s attack surface is increased, unbeknown to security operations by users arbitrarily installing various applications or registering for SaaS services to process organizational and client data.
This practice moves the goalpost of any security team into the unknown, as the only limit to the attack surface would be the extent to which users have been breaking protocol.
Social Engineering
Another proliferator of attack surface based on human interactions is social engineering. This is the practice of fooling people into giving sensitive information through channels thought to be trustworthy. Social engineering often relies on a predisposed emotional connection people might have to a spurious claim made by threat actors. Baiting victims with fear or promises of some unwarranted monetary gain.
Another method of social engineering is to utilize the habitual nature of users by creating an online watering hole for users who are interested in a specific service or topic. By compromising a site frequented by a specific group of people, threat actors can perform various attacks, ranging from identity scraping to tricking users to download malware onto their devices. This malware could in turn be utilized to gain access to an organization’s IT ecosystem.
Because of the sophistication of waterhole attacks, a breach might not be evident right away but will take some time to have maximum impact.
Open-Source Code Sources
With such a vast range of open technologies in use today it should not come as a surprise to cyber security teams that development teams might utilize external code libraries. These libraries are typically utilized to improve the appearance and functionality of applications including their compatibility with common APIs.
It is crucial that the libraries that are in use be accurately quantified. Oversight might result in applications being developed and hosted for clients to be concealing malicious code, increasing the attack surface of the organization.
Conclusion
It might seem as though attack surface management is only a hot topic or buzzword that will fade. It does however address a legitimate, and often overlooked, collection of evolving threats. By having a holistic approach to cyber security organizations can safeguard themselves against data breaches that could result in crushing litigation and serious damage to their reputation.
