Get a better sense of the cyber threats facing your business and what you can do about them
To help build your cyber security expertise and toolset to stay ahead of evolving threats, Field Effect is publishing a series of blogs designed to help IT professionals choose the right cyber security for their business.
Between constantly evolving attacks and the effort it takes to defend against them, your cyber threat surface is ever-changing.
As companies scale, staying ahead of these changes is hard and time-consuming, but still necessary to keep operations secure — which is easier said than done.
The good news is that a bit of knowledge goes a long way. After all, as a certain Saturday morning cartoon taught us, “Knowing is half the battle.” When you understand what it is you’re trying to protect, it becomes much easier to take steps to defend against an attack.
Let’s take a closer look at the concept of the cyber threat surface and what it means for your business.
What is a cyber threat surface?
Also known as an attack surface, your threat surface includes all areas of your IT network where unauthorized users or attackers could exploit vulnerabilities to gain access to systems and confidential data to stage an attack.
By taking active steps to manage and reduce your threat surface, you can reduce the likelihood of a successful cyber attack on your organization.
Of course, it’s easier said than done. For one, understanding and managing your threat surface takes time. For another, as new technology, users, and connections are introduced, your threat surface expands, increasing the number of attackable points and the overall risk for your business.
The good news is that by taking the time to understand, manage, and reduce your threat surface, you can improve your cyber security posture and identify and prevent attacks early.
Let’s take a closer look at what constitutes a threat surface, how attackers exploit vulnerabilities, and steps you can take to reduce your security risks.
Understanding your attack surface
Before we dig into the topic, let’s start with the basics.
A cyber threat surface can include any number of components, and mapping and visualizing it all can be challenging.
Think of it this way: a brick-and-mortar store or office also has a threat surface. In this case, it’s every point of entry and every potential vulnerability in the building. A criminal could smash the front window, break down a door, or use a side window. Maybe they’ll be a bit bolder and attempt to rob the cash by coming in during work hours. Safes, cash boxes, inventory, company vehicles, and more could all be considered part of a company’s threat surface.
With this idea in mind, it becomes a bit easier to visualize a cyber threat surface — it covers the hardware, software, data, people, and devices in your organization.
We can even break things down further. The cyber threat surface has two major components — the digital and physical attack surfaces.
Digital attack surfaces
As the name suggests, the digital attack surface covers all things software- or data-related. These are the non-tangible aspects of the threat surface: the pieces of IT that you own or use that have no physical footprint.
A digital attack surface could include:
- Unsupported or unpatched software, workstations, and even servers.
- Misconfigured cloud services.
- Services and devices that connect to the internet, including those that support remote work and Internet of Things (IoT) devices such as smart speakers or security cameras.
- Web and desktop applications, including cloud-based SaaS deployments or email services.
- Open ports.
- Shadow IT: software that interacts with a company’s IT infrastructure but is not under its direct control.
- Expiring domains and certificates.
- Company information or data on the internet.
Vulnerabilities in any of the above could give attackers an easy way to access your confidential data, letting them inject malicious code to obtain sensitive information, or encrypt it and hold it for ransom.
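Three of the items above (open ports, shadow IT, and expiring certificates) can be checked with the same basic routine: compare what you expect to be exposed against what a scan actually observes. The script below is an added example, not Field Effect's code; the expected inventory, the scan results, the hostnames and the fixed "now" date are all constructed sample data, and in practice the observed side would come from a port scanner export and a TLS probe.

```python
"""Reconcile an expected asset inventory against observed scan results.

Added example, not Field Effect's code. The inventory and the "scan"
results below are constructed sample data; in practice the observed
side would come from a port scanner's export and a TLS probe.
"""
from datetime import datetime, timezone

# Constructed inventory: what we believe is exposed, per host.
EXPECTED = {
    "www.example.com": {"ports": {443}},
    "mail.example.com": {"ports": {25, 443, 587}},
    "vpn.example.com": {"ports": {443}},
}

# Constructed scan results: ports observed open and certificate expiry
# dates (UTC) as a probe would report them.
OBSERVED = {
    "www.example.com": {"ports": {80, 443}, "cert_not_after": "2024-07-01T00:00:00Z"},
    "mail.example.com": {"ports": {25, 443, 587}, "cert_not_after": "2025-01-15T00:00:00Z"},
    "vpn.example.com": {"ports": {443, 3389}, "cert_not_after": "2024-06-20T00:00:00Z"},
    # Answers the scan but is not in the inventory: a shadow IT candidate.
    "legacy-test.example.com": {"ports": {8080}, "cert_not_after": None},
}


def parse_utc(ts):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def unexpected_ports(expected, observed):
    """Ports open on a known host that the inventory does not list."""
    findings = {}
    for host, obs in observed.items():
        if host in expected:
            extra = obs["ports"] - expected[host]["ports"]
            if extra:
                findings[host] = sorted(extra)
    return findings


def unknown_hosts(expected, observed):
    """Hosts that answered the scan but are absent from the inventory."""
    return sorted(set(observed) - set(expected))


def expiring_certs(observed, now, within_days=30):
    """Hosts whose certificate expires within the window (or already has)."""
    findings = {}
    for host, obs in observed.items():
        ts = obs.get("cert_not_after")
        if ts is None:
            continue  # no TLS observed on this host
        days_left = (parse_utc(ts) - now).days
        if days_left <= within_days:
            findings[host] = days_left
    return findings


def reconcile(expected, observed, now, within_days=30):
    """Combine the three checks into one report."""
    return {
        "unexpected_ports": unexpected_ports(expected, observed),
        "unknown_hosts": unknown_hosts(expected, observed),
        "expiring_certs": expiring_certs(observed, now, within_days),
    }


def demo_report():
    """Run the reconciliation over the constructed data with a fixed date."""
    now = datetime(2024, 6, 10, tzinfo=timezone.utc)
    return reconcile(EXPECTED, OBSERVED, now)


if __name__ == "__main__":
    for category, items in demo_report().items():
        print(f"{category}: {items}")
```

Each finding maps back to a bullet above: an extra port on a known host, a host nobody inventoried, or a certificate that will lapse before the next review. Running the reconciliation on a schedule, rather than once, is what turns it into threat surface management.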
Physical attack surfaces
The physical attack surface is the other side of the coin. It refers to the tangible devices and technology that connect to a network — everything from a computer to a router, even a small flash drive. These are real objects that could be compromised through physical presence.
The physical attack surface could include:
- Desktop and laptop computers.
- Mobile phones.
- Routers, switches, and servers.
- Devices with USB ports, such as printers.
- Removable data storage, like USB flash drives.
- Smart devices, including TVs, security cameras, and other technology.
If attackers were to gain access to a physical device, they could then explore the systems and networks it connects with, letting them stage any number of further attacks.
The cyber threat surface covers a lot of ground. When you think of it in terms of digital and physical components, suddenly even the smallest business’s threat surface can feel overwhelming. It’s also a major example of the lightning-fast evolution happening in cyber security.
How are cyber threat surfaces changing?
If you’ve spent time exploring anything related to cyber security, then you’ve probably noticed one theme: it’s always changing.
New threats, defenses, and technology are always in play, and attackers and defenders are always trying to get a leg up on each other. Equal parts cat-and-mouse game and arms race, cyber security is a dynamic subject that continues to grow at a rapid pace.
And, as we’ve mentioned, new technology could introduce additional risks and security concerns — which doesn’t help companies trying to get a better handle on managing their threat surface. The human factor is also a growing concern, especially considering the increasing number of remote workers.
As more employees choose remote work over in-office work, this risk increases: in-office or out, each employee expands the threat surface. Even with a secure internet connection and the right toolset, a single click can easily undo all the work that goes into keeping a company safe.
To secure remote workforces, businesses are adding technologies and tools. Whether to close gaps, eliminate vulnerabilities, or monitor their network, it’s not uncommon for companies to use a significant number of tools to get the job done.
But new tools need to be securely integrated into a tech stack. Misconfigured software or technology could introduce gaps in your security, exposing you to new threats.
What’s more, like any other piece of technology, cyber security tools may also bring risks and concerns of their own.
All of this is to say that IT networks and systems are becoming more complex. That complexity increases your threat surface, making it harder to spot attacks early and take appropriate action to mitigate cyber threats.
Common risks and threats
Regardless of whether you’re actively being targeted by an attacker or not, your company may have weaknesses that expose it to a wide range of potential attacks and cyber risks at any given time:
- Ransomware: Ransomware attacks use strains of malicious software (malware) designed to block access to your computer or data, encrypting it or locking it up and demanding payment to restore access. Ransomware attacks frequently rely on phishing or brute force techniques to gain initial access to systems and then exploit vulnerabilities to infect systems further and install ransomware.
- Phishing: Phishing attacks leverage social engineering techniques to appear as legitimate requests, luring users into taking action that would compromise their account. Phishing is frequently used to compromise and harvest credentials but may also be used for online fraud or to conduct further malware attacks.
- Compromised credentials: All too often, a weak password or one that’s reused across multiple accounts can provide cyber criminals the access they need to stage an attack. Successful phishing attacks can also provide attackers with the credentials they need to access IT systems, and every other account that reuses that password is then compromised as well.
- Brute force attacks: Brute force attacks are, as the name suggests, attempts to forcibly gain access by using predetermined values to make repeated requests to a server and analyzing the responses. Think of a numeric keypad used to unlock a four-digit code; using a program or tool, an attacker would automate testing every possible variation of the code to find the right combination and gain access.
- Zero-day attack: Zero-day attacks occur when a cyber criminal exploits a vulnerability before the software vendor can patch it. These vulnerabilities are often unknown until the day of the attack, hence the name.
- Unnecessary or exposed code: All code has the potential to contain flaws, and extraneous or unnecessary code left in a program could provide attackers a potential vector for accessing confidential data. Reducing the amount of code used in your IT network and software can help reduce your threat surface.
- Misconfigured services, devices, and systems: Settings and configurations that cause unintended behaviour on an IT system could pose a threat to your security. For example, incorrectly configured Remote Desktop Protocol (RDP) services can expose your business to major threats such as ransomware.
- Insider threats: Threats can also come from within an organization or network. Employees deliberately or accidentally providing unauthorized users with access is another risk facing any business.
This list is by no means comprehensive but should give you a sense of a few risks to the threat surface.
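The brute force entry above describes the attacker's side: repeated requests with predetermined values. The defender's side is to notice the pattern in authentication logs. The detector below is an added example, not Field Effect's code; the log lines are constructed in the style of OpenSSH's sshd messages, the year, window and threshold are assumptions, and the two signals it raises are a burst of failures from one source and a success from a source that has just produced such a burst.

```python
"""Flag likely brute-force login activity in authentication logs.

Added example, not Field Effect's code. The log lines are constructed
in the style of OpenSSH sshd messages; the year (syslog lines omit it),
the 60-second window and the threshold of 5 failures are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import NamedTuple

# Constructed sample: one source hammering the server, one user mistyping once.
SAMPLE_LOG = """\
Jun 10 08:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun 10 08:00:02 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Jun 10 08:00:02 bastion sshd[2102]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jun 10 08:00:03 bastion sshd[2103]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jun 10 08:00:04 bastion sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51026 ssh2
Jun 10 08:00:05 bastion sshd[2105]: Failed password for alice from 198.51.100.20 port 40010 ssh2
Jun 10 08:00:06 bastion sshd[2107]: Failed password for root from 203.0.113.7 port 51027 ssh2
Jun 10 08:00:07 bastion sshd[2108]: Accepted password for root from 203.0.113.7 port 51028 ssh2
Jun 10 08:00:09 bastion sshd[2106]: Accepted password for alice from 198.51.100.20 port 40011 ssh2
"""


class Event(NamedTuple):
    ts: datetime
    result: str   # "Failed" or "Accepted"
    user: str
    ip: str


LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_events(lines, year):
    """Yield Event tuples for password outcomes; other sshd chatter is skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield Event(ts, m["result"], m["user"], m["ip"])


def detect_bruteforce(lines, window_seconds=60, threshold=5, year=2024):
    """Return alerts for sources exceeding `threshold` failures per window,
    and for a success from a source still inside such a burst."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerted = set()                 # ips already reported for a burst
    alerts = []
    for ev in parse_events(lines, year):
        recent = failures[ev.ip]
        # Drop failures that have aged out of the sliding window.
        while recent and (ev.ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if ev.result == "Failed":
            recent.append(ev.ts)
            if len(recent) >= threshold and ev.ip not in alerted:
                alerted.add(ev.ip)
                alerts.append({"kind": "burst", "ip": ev.ip,
                               "failures": len(recent), "at": ev.ts})
        elif len(recent) >= threshold:
            # The strongest signal: guessing succeeded.
            alerts.append({"kind": "success_after_burst", "ip": ev.ip,
                           "user": ev.user, "at": ev.ts})
    return alerts


def demo():
    """Run the detector over the constructed sample log."""
    return detect_bruteforce(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The single failed attempt from 198.51.100.20 never reaches the threshold, so alice's typo produces no alert; the burst from 203.0.113.7 does, and the accepted login that follows it is reported separately because that is the event worth an immediate response (credential reset, session review) rather than just a lockout.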
Threat surface assessment, management, and reduction
Assessing and managing your threat surface while reducing the number of attackable points requires knowledge and experience. Building both takes time. After all, to stop a threat, you need to know what you’re securing, which requires a greater understanding of your IT network and systems and the impacts an attack would have on them.
The concept of cyber situational awareness (CSA) can help your business better focus on the threats most likely to affect your IT environment.
CSA can best be defined as:
- Knowing your network.
- Knowing your threats.
- Knowing how to respond to these threats.
Building your organization’s CSA can help you map out every component of your IT network, a process you’ll need to do as part of any threat surface management and assessment initiative your business undertakes. What’s more, CSA can also help you take a proactive, big-picture look at your cyber security needs.
Take some time to do this and consider an attacker’s perspective. Where might they try and gain access? Are there any particularly obvious attack vectors or vulnerabilities that you’re already aware of?
Generally speaking, there are three major components of this assessment:
- Conduct an inventory of your IT assets. What IT assets does your business use, and what might be of value to others? This can include hardware, software, and internet-facing assets, as well as personal data, sensitive information, intellectual property, and even your supply chain.
- Measure risk. What would be the worst-case scenario if your assets were compromised? How vulnerable to attack are these assets? Take time to assess the risks your assets may introduce and evaluate the protections you have in place. This will help you establish a security baseline that you can measure against as you resolve risks and improve your security.
- Improve security posture. Once you’ve assessed your IT assets and determined their risks, you can use this information to make some strategic decisions about your security posture. What protections do you have in place now? Are they sufficient or do you need more resources? Who is responsible for protecting your assets? This approach can help your company pinpoint the threats most relevant to your business and make decisions accordingly.
It’s important to repeat the process regularly as you add or remove potential attack vectors and continue to strengthen your defenses. This gives you a measurable look at your threat surface and how it continues to change as your IT environment evolves and your security improves.
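The three steps above (inventory, measure risk, improve posture) and the advice to repeat them can be made concrete as a small risk register that is scored, kept as a baseline, and re-scored later. The script below is an added example, not Field Effect's code or methodology; the assets, their attributes and the likelihood and impact weights are constructed assumptions, and the point is the shape of the process rather than the particular numbers.

```python
"""A minimal, repeatable threat-surface risk assessment.

Added example, not Field Effect's code. Assets, attributes and scoring
weights are constructed assumptions; the method is: inventory -> score
-> keep a baseline -> re-assess and measure the delta.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Asset:
    name: str
    internet_facing: bool
    unpatched: bool
    mfa: bool
    holds_sensitive_data: bool
    business_critical: bool


def likelihood(a):
    """1-5: how attackable the asset is, from its exposure attributes."""
    score = 1
    if a.internet_facing:
        score += 2
    if a.unpatched:
        score += 1
    if not a.mfa:
        score += 1
    return score


def impact(a):
    """1-5: worst-case consequence if the asset is compromised."""
    score = 1
    if a.holds_sensitive_data:
        score += 2
    if a.business_critical:
        score += 2
    return score


def risk(a):
    """Classic likelihood x impact, range 1..25."""
    return likelihood(a) * impact(a)


def assess(assets):
    """The register: asset name -> risk score."""
    return {a.name: risk(a) for a in assets}


def prioritize(register):
    """Highest risk first; ties broken by name for a stable order."""
    return sorted(register.items(), key=lambda kv: (-kv[1], kv[0]))


def compare(baseline, current):
    """Per-asset change; new assets count from 0, removed ones fall to 0."""
    names = set(baseline) | set(current)
    return {n: current.get(n, 0) - baseline.get(n, 0) for n in sorted(names)}


def total(register):
    return sum(register.values())


# Constructed baseline inventory.
BASELINE_ASSETS = [
    Asset("vpn-gateway", True, True, False, False, True),      # L=5, I=3 -> 15
    Asset("crm-saas", True, False, False, True, True),         # L=4, I=5 -> 20
    Asset("file-server", False, True, False, True, False),     # L=3, I=3 -> 9
    Asset("lobby-printer", False, True, False, False, False),  # L=3, I=1 -> 3
]


def demo():
    """Baseline, then a later assessment after patching the VPN, enforcing
    MFA on the CRM, decommissioning the printer, and adding an IoT camera."""
    baseline = assess(BASELINE_ASSETS)
    later_assets = [
        replace(BASELINE_ASSETS[0], unpatched=False, mfa=True),  # L=3 -> 9
        replace(BASELINE_ASSETS[1], mfa=True),                   # L=3 -> 15
        BASELINE_ASSETS[2],                                      # unchanged
        Asset("lobby-camera", True, True, False, False, False),  # L=5, I=1 -> 5
    ]
    later = assess(later_assets)
    return {
        "baseline": baseline,
        "later": later,
        "delta": compare(baseline, later),
        "baseline_total": total(baseline),
        "later_total": total(later),
    }


if __name__ == "__main__":
    result = demo()
    print("baseline priorities:", prioritize(result["baseline"]))
    print("delta per asset:", result["delta"])
    print("total risk:", result["baseline_total"], "->", result["later_total"])
```

The delta is what makes the exercise measurable: the patched VPN and MFA on the CRM pull the total down, while the new camera adds a fresh internet-facing point that the next review has to account for. Swap in your own attributes and weights, but keep the baseline so each repetition can be compared with the last.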
Misconceptions about the attack surface
As complex as it can be, the attack surface is still an important component of your cyber security program. Understanding what it is, how it works, and what it means for defending your business is absolutely vital.
Unfortunately, that complexity can lead to common misconceptions and misunderstandings about the attack surface — here are some of the big ones.
“My business isn’t big enough to have a cyber attack surface.”
If the technology your business uses in day-to-day operations faces the internet in any way, then you have an attack surface that a criminal may attempt to exploit. No business is immune from being targeted by an attacker, whether it’s a small “mom-and-pop” shop with a modest digital storefront or a major multinational corporation. In fact, smaller businesses may be more appealing targets for cyber criminals because of their inexperience or unfamiliarity with security.
“New software and technology will solve security issues.”
This is a bit of a double-edged sword. While it’s true adding software and technology can help businesses manage their cyber security needs, simply adding software and programs will not reduce the attack surface. If anything, additional software expands it, as it represents another attackable point for a criminal to exploit. New tools and technology also introduce additional alerts and warnings, which can lead to alert fatigue that could result in missing critical issues and threats.
“If it’s in the cloud, it’s secure.”
Cloud-based services and software are just as attackable as any other part of an IT environment. What’s more, many cloud services operate on a shared responsibility model. This means that, while cloud service providers take steps to secure their own assets, they are not responsible for securing the connection to your assets.
Taking a holistic approach to reducing your cyber threat surface
The threats facing your business are growing in lockstep with the defenses keeping you safe. Cyber security is a challenging subject, especially as IT networks continue to become more and more complex.
That’s why it’s more important than ever to find a holistic solution that enables a proactive approach to monitoring, detecting, and responding to activity across your network, cloud services, and endpoints. You need to know what you’re facing and what you’re working with in order to secure it properly.
Reducing your threat surface is about putting that information to use as you watch for threats, proactively close gaps in your security, and take steps to build a more secure business.
To stay informed about cyber risks and how threat monitoring, detection, and response can protect your business from cyber threats, sign up for our newsletter below.