Out of control? Why it’s time to map the digital attack surface
Around a year ago a cyber-attack on a little-known US oil pipeline thrust ransomware into the media spotlight, and grabbed the attention of the White House. The ensuing months saw a flurry of government efforts designed to improve the defensive posture of global organisations, with cyber risk management planted firmly front-and-centre of recommended best practices. The cyber-criminals who breached Colonial Pipeline may have unintentionally done a great deal of good for the security community. But recognising the importance of risk management and putting it into practice are two different things.
Where should organisations start? The answer lies with mapping and understanding the digital attack surface. Unfortunately, as new Trend Micro research reveals, only half (51%) have been able to do so, with many more identifying major visibility gaps.
What is the digital attack surface?
The attack surface comprises all the digital assets that could be compromised by remote or local threat actors. This includes:
- Laptops and PCs
- IoT endpoints
- Mobile/web apps and websites
- Remote desktop protocol (RDP) endpoints
- Virtual private networks (VPNs)
- Servers
- Cloud services
- Supply chain infrastructure and services
Attackers target these via a wide variety of tools and techniques, from phishing to vulnerability exploitation. Once inside a network, they may move laterally to other parts of the attack surface. Trend Micro’s 2021 roundup report reveals just how exposed organisations are today.
Visibility is tough
There’s an old adage in cybersecurity which is relevant here: you can’t protect what you can’t see. That makes gaining visibility into all of these digital attack surface assets a vital first step on the road to mitigating the risk of serious compromise. But this isn’t as easy as it looks. Respondents to our new study estimate that they have visibility into only 62% of their total attack surface. The real number could be much lower. Why the problem? Several reasons, including:
- A lack of the right tooling
- Too many tools, creating information silos
- Opaque supply chains
- Dynamic and ephemeral cloud environments
- The size, complexity and distributed nature of modern IT environments
- An explosion in remote working endpoints and shadow IT during the pandemic
A platform-based approach
With findings like these, it’s not surprising that nearly three-quarters (73%) of IT and business leaders we polled are concerned with the size of their digital attack surface. Over two-fifths (43%) even admit that it is “spiralling out of control”. CISOs must find a way to gain visibility into all their digital attack surface assets, use that information to continuously calculate risk exposure, and then have the right tools to hand to prevent, detect and respond to threats across those assets.
That’s far from easy, given that most security teams have multiple overlapping tools which create data silos and visibility gaps, and which impair the ability of defenders to do their jobs effectively. This is where a platform-based approach could reap major dividends. Not only can a unified platform offer a single holistic view of the attack surface, it could also be used to assess risk exposure and then deploy controls to mitigate that risk. It could also reduce the cost of managing multiple point solutions, and free up talent to work on strategically important tasks.
Over half (54%) of the organisations we spoke to admit their method of assessing risk exposure isn’t sophisticated enough. In a world where geopolitical instability has lent ransomware mitigation a new urgency, it’s time for a change.