The more web properties an organization has, the wider its potential attack surface. But what is an attack surface, exactly? This article explains attack surface management and how it can help you protect your company.
Attack Surface: Definition
An attack surface is the sum of all potential entry points (attack vectors, in technical terms) that cyber attackers can use to get malicious files, most likely malware, into your organization’s network and, as a result, get sensitive data out of it.
Attack vectors come in various forms, including stolen credentials, weak passwords, malicious insiders, missing or poor encryption measures, and software or hardware misconfigurations.
Attack Surface: Types
Three types of attack surfaces exist—digital, physical, and social engineering. More detailed descriptions of each are provided below.
- Digital attack surfaces: Include every web property that resides outside your firewall. They can be accessed and exploited (if not adequately secured) through the Internet. They include known, unknown, and rogue assets. All domains and subdomains (which make up domain attack surfaces) companies maintain fall under this category.
Known assets refer to the web properties in an organization’s inventory like their corporate website, servers, and all other hardware and software connected to or that run on them. Unknown assets, meanwhile, also known as “shadow IT” or “orphaned IT,” include forgotten websites and employee-installed software. They are not strictly under the IT team’s control. Sometimes, the teams don’t even know these assets exist. Finally, rogue assets are those that IT teams have yet to discover. These include malware, typosquatting domains or subdomains, or mobile apps that claim to be part of an organization.
- Physical attack surfaces: Refer to all the security vulnerabilities in systems or networks that attackers can physically access if they enter a target’s office, server room, or other physical location where confidential data is stored. These are typically exploited by insider threats like rogue employees (dissatisfied or paid by competitors), insufficiently protected personal devices connected to your network, or intruders posing as service workers.
- Social engineering attack surfaces: Pertain to the total number of individuals within an organization who are susceptible to social engineering ploys. Social engineering exploits human weaknesses to manipulate victims into divulging confidential information or performing actions that go against their companies’ security protocols. It is the tactic cyber attackers use to get employees to download a piece of malware disguised as an office document in a phishing email.
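The known, unknown, and rogue split described for digital attack surfaces can be applied to a list of observed hostnames. The sketch below is an added example, not code from the original article; the inventory, the organization's domain, the edit-distance threshold, and every hostname in it are constructed assumptions.

```python
# Added example; every hostname below is constructed sample data.
ORG_DOMAINS = {"example.com"}   # assumed: domains the company registered
INVENTORY = {"www.example.com", "mail.example.com"}  # assumed: IT inventory
MAX_DISTANCE = 1                # assumed lookalike threshold (edits)


def registered_domain(host):
    # Simplification: last two labels. Real data needs the Public Suffix
    # List to handle suffixes such as co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def osa_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) turning a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(host):
    host = host.lower().rstrip(".")
    if host in INVENTORY:
        return "known"
    reg = registered_domain(host)
    if reg in ORG_DOMAINS:
        return "unknown"            # ours but not inventoried (shadow IT)
    if any(osa_distance(reg, own) <= MAX_DISTANCE for own in ORG_DOMAINS):
        return "rogue-candidate"    # lookalike registration; needs review
    return "unrelated"


OBSERVED = ["www.example.com", "old-blog.example.com", "exmaple.com",
            "login.examp1e.com", "unrelated.net"]

if __name__ == "__main__":
    for h in OBSERVED:
        print(f"{h:24} {classify(h)}")
```

A "rogue-candidate" result only means the registered domain is one edit away from the company's own; it still needs a manual check of who registered it and what it serves.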
Why Attack Surface Management Is a Must
While protecting your business’s physical premises is achievable with the best security team money can buy, securing your digital and social engineering attack surfaces may not be as easy to do. They require the use of various tools to give you a 360-degree view of your digital presence or footprint.
Utmost security requires keeping a keen eye on all your web properties. Anything or anyone connected to the Internet can pose risks. A survey of the corporate digital attack surface of the Financial Times Stock Exchange 30 Index (FTSE-30) revealed the average number of threats that today’s companies face.
A study on domain attack surface management (a mere subset of a company’s total digital attack surface) looked at 10 of the most-spoofed organizations today, revealing that:
- The average size of an organization’s domain attack surface can comprise as many as 17,734 domains and subdomains.
- Typosquatting domains could amplify a company’s domain attack surface by more than 8,000%.
The facts presented in this post show the extent of organizations’ potential attack surfaces. But protection is not impossible. Robust attack surface management solutions powered by DNS, WHOIS, and IP intelligence can help IT teams monitor their companies’ vast digital footprint and secure their infrastructure.