External Attack Surface Management: Three Tips for Success


Of all of the technological impacts that the pandemic has had on modern business, the radical increase in the average size of a business’s attack surface is one that’s continually overlooked. An external attack surface is the sum of all of the assets and attack vectors that are connected to a business.

With the continual rise in business-oriented cybercrime and the mounting threat from online hacking, this is an area that all businesses should be paying more attention to. The increase in online accounts, user portals, and remote-working features has led to a whole host of new potential attack vectors appearing across businesses.

Especially for medium and enterprise-sized companies, the digital attack surface is often far greater than assumed. To protect themselves from this digital threat, companies need to ensure that their external attack surface management is as robust as possible.

In this article, we’ll dive into three tips for attack surface management, helping businesses to push back against the rising cyber threat.

Conduct Technology Asset Surveys

The first step for every security department attempting to improve its external attack surface management should be a comprehensive survey of all connected digital assets. If a team doesn’t know what devices and ports are connected to a business, it can’t create defenses for them.

Identifying all related technology assets will provide a clear map of where your security team needs to work. This should span all connected assets, covering all of your platforms, databases, services, IoT devices, and even all of the third-party and open-source software that you use.

Once you’ve created a list of all of the connected assets, you’re then able to start categorizing them depending on what they are. This is important for the creation of defense strategies, as what a security team crafts for database protection will vary greatly from tactics used when securing user accounts. 

As businesses become more complex and global and employ more remote staff, the number of connected devices and accounts will grow. That’s why it’s important to repeat these surveys continually, so that you always have an updated list of the potential avenues for entry linked to your business.
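One way to put the repeated survey to work, shown as an added example that is not part of the original article: compare the latest survey with the previous one and queue what changed for the security team. The hostnames, ports, record layout and function names are constructed for illustration.

```python
# Constructed sample data: two survey snapshots keyed by asset name.
# Categories follow the asset types named above; ports are what was reachable.
PREVIOUS_SURVEY = {
    "portal.example.com": {"category": "platform", "ports": {443}},
    "db01.example.com": {"category": "database", "ports": set()},
    "cam-lobby.example.com": {"category": "iot", "ports": {554}},
}
CURRENT_SURVEY = {
    "portal.example.com": {"category": "platform", "ports": {443, 8080}},
    "db01.example.com": {"category": "database", "ports": {5432}},
    "vpn.example.com": {"category": "service", "ports": {443}},
    "staging.example.com": {"category": None, "ports": {80}},
}

def compare_surveys(previous, current):
    """Diff two surveys: new and retired assets, newly reachable ports,
    and assets nobody has categorized yet."""
    newly_exposed = {}
    for asset in set(current) & set(previous):
        opened = current[asset]["ports"] - previous[asset]["ports"]
        if opened:
            newly_exposed[asset] = sorted(opened)
    return {
        "new": sorted(set(current) - set(previous)),
        "retired": sorted(set(previous) - set(current)),
        "newly_exposed": newly_exposed,
        "uncategorized": sorted(a for a, m in current.items() if not m["category"]),
    }

def triage_queue(report):
    """Turn the diff into an ordered work list: unknown assets first,
    then known assets whose exposure grew."""
    queue = []
    for asset in report["new"]:
        reason = "new asset"
        if asset in report["uncategorized"]:
            reason += ", uncategorized"
        queue.append((asset, reason))
    for asset, ports in sorted(report["newly_exposed"].items()):
        queue.append((asset, "newly exposed ports: " + ", ".join(map(str, ports))))
    return queue

if __name__ == "__main__":
    for asset, reason in triage_queue(compare_surveys(PREVIOUS_SURVEY, CURRENT_SURVEY)):
        print(f"{asset}: {reason}")
```
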

Turn To Automation

As attack surfaces have continued to grow, manual management has quickly become a nearly impossible feat. When working manually, the vast majority of security teams aren’t even able to make a list of all the attack vectors that are linked to their business. Of course, being unable to do this initial step means that protecting the entire scope of an attack surface is equally impossible.

In order to ensure efficient external attack surface management, your business should endeavor to turn to automated tools. There are a number of benefits to automatic defense tools:
  • 24/7 - Security teams are, unfortunately, limited by the passing of time. With automatic tools, you can run attack surface management and monitoring around the clock. Without a need to break for sleeping, this converts your security system into a 24/7 force, one that will radically improve your chances of overcoming a cyberattack.
  • Comprehensive - Familiar with the entire scope of what a company’s attack surface could entail, an automatic tool will be able to sweep across the surface and find vulnerabilities. Whether it’s monitoring for attacks or conducting an ongoing security analysis, this is sure to help your business build up more effective cyber defenses.
  • Notification System - If these tools encounter a potential vulnerability, they can send documentation to your security team. This means your team will spend less time searching for vulnerabilities and more time fixing them.

Over time, automatic attack surface management will radically improve your general cybersecurity scores, helping to keep your business as safe as possible.

Close User Accounts As Quickly As Possible

Some of the most common entry points into a business’s private data, according to the MITRE ATT&CK framework, come from vulnerabilities created by or exposed through user accounts. Especially after the pandemic, the number of different platforms that each business uses in its tech stack has created an almost untraceable number of new windows of opportunity for hackers.

In order to effectively manage your external attack surface, your business needs to know which accounts belong to which people. After conducting this initial analysis, you should then ensure that whenever someone leaves your company, all of their accounts are locked and terminated immediately.

By doing this, you help to curtail the mounting number of accounts that are connected to your business. This will stop hackers from being able to find older accounts and enter them, ensuring that there are no unforeseen backdoor entry points.
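The account-to-person mapping and leaver check described above, sketched as an added example that is not part of the original article: it reconciles account exports from several platforms against an HR roster and lists accounts that are still enabled after their owner left, or that have no known owner. The roster, account records and field names are constructed for illustration.

```python
from datetime import date

# Constructed HR roster: employee id -> leaving date (None = still employed).
HR_ROSTER = {"e1001": None, "e1002": date(2023, 1, 20), "e1003": date(2023, 2, 3)}

# Constructed account exports from three platforms, already mapped to owners.
ACCOUNTS = [
    {"platform": "email", "login": "alice@example.com", "owner": "e1001", "enabled": True},
    {"platform": "email", "login": "bob@example.com", "owner": "e1002", "enabled": False},
    {"platform": "chat", "login": "bob", "owner": "e1002", "enabled": True},
    {"platform": "vpn", "login": "carol", "owner": "e1003", "enabled": True},
    {"platform": "vpn", "login": "svc-backup", "owner": None, "enabled": True},
    {"platform": "chat", "login": "dave", "owner": "e1999", "enabled": True},
]

def audit_accounts(roster, accounts, today):
    """Return enabled accounts that should be locked or investigated."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already locked, nothing left to close
        finding = {"platform": acct["platform"], "login": acct["login"]}
        owner = acct["owner"]
        if owner is None or owner not in roster:
            # Cannot be tied to a person, so nobody will close it at offboarding.
            findings.append({**finding, "issue": "no known owner", "days_overdue": None})
            continue
        left_on = roster[owner]
        if left_on is not None and left_on <= today:
            overdue = (today - left_on).days
            findings.append({**finding, "issue": "owner departed", "days_overdue": overdue})
    # Departed owners first, longest-overdue at the top, then unowned accounts.
    findings.sort(key=lambda f: (f["issue"] != "owner departed",
                                 -(f["days_overdue"] or 0),
                                 f["platform"], f["login"]))
    return findings

if __name__ == "__main__":
    for f in audit_accounts(HR_ROSTER, ACCOUNTS, today=date(2023, 2, 10)):
        print(f)
```
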

This strategy has actually been readily practiced by some of the largest tech companies in the world. Over the past few months, we’ve seen a number of unfortunate layoffs in the tech industry. Companies like Microsoft and Amazon instantly deleted user accounts, removing personal access to email accounts, Slack channels, and a number of other security vectors.

As we’ve suggested, this is an attempt to reduce the number of potential avenues for a security risk. Just like these major tech companies, your business should always close user accounts as soon as possible, nullifying this potentially perfect entry point for a hacker.

Final Thoughts

External attack surface management is an incredibly comprehensive field, one that stretches far beyond the capabilities of any individual security team. By shifting to automatic tools and processes, businesses are able to radically reduce the total exposure their attack surface creates.

Alongside that, by incorporating the other tips that we’ve laid out into your standard cybersecurity practices, you’ll have much better control over all of your cyber assets. The fortification of your security defenses is important. But, without full visibility of your external attack surface, your cybersecurity teams simply won’t know where to begin.
