What is an Attack Surface?

An attack surface is simply the number of possible ways an attacker can get into a device or network and extract data. It is an especially important measure for small and medium-sized businesses (SMBs): most think they are too small to be a target, but a quick look at their attack surface shows that it is often quite large, which increases their exposure to risk.

Two Primary Attack Surfaces: Devices and People

Devices - Because businesses are using more and more devices, there are more gateways for cybercriminals to carry out a cyberattack. Predictions are that by 2020, businesses will account for six billion devices connected to the internet, ranging from laptops and phones to Internet of Things devices. This inevitably means that the use of vulnerable operating systems and applications will profoundly increase a typical SMB's attack surface.

The number one security threat to devices is a hybrid ransomware attack. A ransomware attack on its own is bad enough: it allows hackers to take control of a device, after which they demand a ransom before the user can regain control. Today, ransomware is also spread in a hybrid form. By combining ransomware with the capabilities of a virus, a hybrid attack does not just infect one device but spreads easily through the entire network.

People - Sophisticated cyberattacks are mostly targeted at employees because they are the weakest link in the digital security chain. In fact, 37% of security breaches can be attributed to human error. Password policies and other safeguards designed to protect people, such as multi-factor authentication, are not standard practice within most SMB organizations. Research by the Ponemon Institute showed that 57% of SMBs do not have a password policy in place, which no doubt increases the size of their attack surface.

The number one threat affecting people is targeted social engineering, which tricks people into handing over confidential company information. The hacker often contacts employees via e-mail, pretending to be a credible organization, such as FedEx, a bank, or even a colleague. Most employees do not have the knowledge to defend themselves against these advanced social engineering attacks.

Best Practices to Reduce Your Attack Surface

To reduce the attack surface, SMBs should regularly assess vulnerabilities, secure weak points, and monitor anomalies.

Assess - The first step in assessing potential vulnerabilities is to identify all the physical and virtual computing devices within the organization. That list should include all of these possible attack surfaces:

  • Workstations and laptops
  • Network file servers
  • Network application servers
  • Corporate firewalls and switches
  • Multi-function printers
  • Mobile devices

This infrastructure assessment should distinguish between cloud and on-premise systems and devices. This makes it easier for you to determine all possible storage locations for data.

Now, categorize all business data and divide it into three locations: cloud, on-premise systems, and devices. For example:

CLOUD
  • Cloud email & applications
  • Cloud storage
  • Websites & social media

ON-PREMISE SYSTEMS
  • Databases
  • File sharing and storage
  • Intellectual property

DEVICES
  • Presentations
  • Company memos
  • Statistics and reports


Next, look at who has access and what kind of access they have. This third and final attack surface assessment is used to gain insight into the behaviors of each department or user within an organization, even if these users are unknown. These findings can be divided into the same three categories and should include the following aspects:

  • Specific user access
  • Multi-user access
  • Unknown user access
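
The three assessment steps above can be combined into one matrix of data location against access type. The following is an added example, not part of the original article: the field names, asset names and inventory rows are constructed, and putting unknown-user access first in the review list is an assumption of this sketch.

```python
"""Attack surface assessment matrix: data location x access type."""

LOCATIONS = ("cloud", "on-premise", "device")
ACCESS_TYPES = ("specific", "multi", "unknown")

# Constructed sample inventory (hypothetical asset names, not real data).
INVENTORY = [
    {"asset": "cloud-mail", "location": "cloud", "access": "specific"},
    {"asset": "shared-drive", "location": "cloud", "access": "unknown"},
    {"asset": "fileserver-01", "location": "on-premise", "access": "multi"},
    {"asset": "crm-db", "location": "on-premise", "access": "specific"},
    {"asset": "mfp-2f", "location": "device", "access": "unknown"},
    {"asset": "laptop-017", "location": "device", "access": "specific"},
    {"asset": "old-nas", "location": "basement", "access": "multi"},
]


def assess(inventory):
    """Return (matrix, review, rejected) for a list of inventory rows."""
    matrix = {loc: {acc: [] for acc in ACCESS_TYPES} for loc in LOCATIONS}
    rejected = []
    for row in inventory:
        name = row.get("asset")
        loc, acc = row.get("location"), row.get("access")
        # Rows that do not fit the scheme are surfaced, never dropped:
        # an unclassified asset is still part of the attack surface.
        if not name or loc not in LOCATIONS or acc not in ACCESS_TYPES:
            rejected.append(name or "<unnamed>")
            continue
        matrix[loc][acc].append(name)
    # Assumption of this example: unknown-user access is reviewed first.
    review = [(loc, a) for loc in LOCATIONS for a in matrix[loc]["unknown"]]
    return matrix, review, rejected


if __name__ == "__main__":
    matrix, review, rejected = assess(INVENTORY)
    for loc in LOCATIONS:
        counts = ", ".join(f"{acc}={len(matrix[loc][acc])}" for acc in ACCESS_TYPES)
        print(f"{loc:<11} {counts}")
    for loc, asset in review:
        print(f"REVIEW  {asset} ({loc}): unknown user access")
    for asset in rejected:
        print(f"FIX ROW {asset}: location or access type not recognised")
```
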

Secure - After conducting the assessment, the next step is to determine what security you need in light of your current attack surface. Below is an overview of the key security services a typical SMB requires.

DATA DEVICES PEOPLE
CONTENT FILTERING
Content filtering allows you to regulate which websites are safe for employees to visit and which are not.  

ANTIVIRUS
Installing and monitoring antivirus on all devices – from PCs to mobile phones – is critical to reducing an attack surface.

SECURE AUTHENTICATION
There are many ways to achieve this but defining password policies and using SSO and MFA are good first steps for an SMB.

EMAIL ENCRYPTION
With end-to-end encryption, only the sender and receiver with a decryption key can view the contents of the email and any attachments. 



PATCH MANAGEMENT
All software systems come with vulnerabilities, but they can be resolved by installing patches and by keeping the software up to date.


 

SECURE REMOTE WORKING
Remote workers need a VPN connection to their company network that encrypts all traffic to provide them with secure access to company data and applications.


DATA LOSS PREVENTION
A DLP solution prevents end users from sharing sensitive data outside the company network by regulating what data they can transfer.



REGULAR VULNERABILITY SCANS
Vulnerability scans should be done regularly and include the status of antivirus software, password policies, and software updates.


DEFINE PROCESSES & POLICIES
Define what data needs protecting and how. Make this information available so everyone understands their role in keeping the business safe.


BACKUP AND DISASTER RECOVERY
Even though you have taken every precaution, it is important to have a solid BDR solution in place that can restore operations quickly, at the push of a button.



WEB SERVER HARDENING
Web servers usually sit at the edge of the network, making them more vulnerable to attacks. Proper hardening ensures default configurations are changed and that certain services and displays are disabled.


PROVIDE SECURITY TRAINING
People cannot defend themselves against threats they are unaware of. Therefore, it is crucial to educate employees on ways to protect themselves, for example by creating strong passwords and recognizing phishing scams.



In Conclusion

SMBs face a threat landscape that is ever evolving. Knowing exactly what your attack surface is and how to reduce that surface is critical. The sophisticated threats and lack of awareness among employees often result in insufficient security and protection. Managed security presents an opportunity to provide the strong, cost-effective cybersecurity protection that SMBs require in order to reduce their attack surface and exposure to risk in today's online business world.
