What is an Attack Surface?
An attack surface is simply the number of possible ways an attacker can get into a device or network and extract data. An attack surface is an especially important measure for small and medium size businesses because most think they are too small to be a target, but a quick look at their attack surface shows that it is often quite large, which increases their exposure to risk.
Two Primary Attack Surfaces: Devices and People
Devices - Because businesses are using more and more devices, there are more gateways for cybercriminals to carry out a cyberattack. Predictions are that by 2020, businesses will account for six billion devices connected to the internet, ranging from laptops and phones to Internet of Things. This inevitably means that the use of vulnerable operating systems and applications will profoundly increase a typical SMBs attack surface.
The number one security threat to devices is a hybrid ransomware attack. A ransomware attack on its own is bad enough. It allows hackers to take control of a device, after which they demand a ransom from the user before they can regain control. Today, ransomware is also spread in a hybrid form. By combining ransomware with the capabilities of a virus, it does not just infect one device, but easily spreads through the entire network.
People - Sophisticated cyberattacks are mostly targeted at employees because they are the weakest link in the digital security chain. In fact, 37% of security breaches can be attributed to human error. Password policies and other safeguards designed to protect people, such as multi-factor authentication, are not standard practice within most SMB organizations. In fact, research by the Ponemon Institute showed that 57% of SMBs do not have a password policy in place which no doubt increase the size of an attack surface.
The number one threat affecting people is targeted social engineering, which tricks people into handing over confidential company information. The hacker often contacts employees via e-mail, pretending to be a credible organization, such as FedEx, a bank, or even a colleague. Most employees do not have the knowledge to defend themselves against these advanced social engineering attacks.
Best Practices to Reduce Your Attack Surface
To reduce the attack surface, SMBs should regularly assess vulnerabilities, secure weak points, and monitor anomalies.
Assess - The first step in assessing potential vulnerabilities is to identify all the physical and virtual computing devices within the organization. That list should include all of these possible attack surfaces:
- Workstations and laptops
- Network file servers
- Network application servers
- Corporate firewalls and switches
- Multi-function printers
- Mobile devices
This infrastructure assessment should distinguish between cloud and on-premise systems and devices. This makes it easier for you to determine all possible storage locations for data.
Now, categorize all business data and divide it into three locations: cloud, on-premise systems, and devices. For example:
| • Cloud email & applications
• Cloud storage
• Websites & social media
| • Databases
• File sharing and storage
• Intellectual property
| • Presentations
• Company memos
• Statistics and reports
Next look at who has access and what kind of access they have. This third and final attack surface assessment is used to gain insight into the behaviors of each department or user within an organization, even if these users are unknown. These findings can be divided into the same three categories and should include the following aspects:
- Specific user access
- Multi-user access
- Unknown user access
Secure - After conducting the assessment, the next step is to determine what security you need in light of your current attack surface. Below is an overview of the key security services a typical SMB requires.
Content filtering allows you to regulate which websites are safe for employees to visit and which are not.
Installing and monitoring antivirus on all devices – from PCs to mobile phones – is critical to reducing an attack surface.
There are many ways to achieve this but defining password policies and using SSO and MFA are good first steps for an SMB.
With end-to-end encryption, only the sender and receiver with a decryption key can view the contents of the email and any attachments.
SECURE REMOTE WORKING
|DATA LOSS PREVENTION
A DLP solution prevents end users from sharing sensitive data outside the company network by regulating what data they can transfer.
REGULAR VULNERABILITY SCANS
|DEFINE PROCESSES & POLICIES
Define what data needs protecting and how. Make this information available so everyone understands their role in keeping the business safe.
|BACKUP AND DISASTER RECOVERY
Even though you have taken every precaution, it is important to have a solid BDR solution in place that can restore operations quickly, at the push of a button.
|WEB SERVER HARDENING
Web servers usually sit at the edge of network making them more vulnerable to attacks. Proper hardening ensures default configurations are changed and that certain services and displays are disabled.
|PROVIDE SECURITY TRAINING
People cannot defend themselves against threats they are unaware of. Therefore, it is crucial to educate employees on ways to protect themselves, for example by creating strong passwords and recognizing phishing scams.
SMBs face a threat landscape that is ever evolving. Knowing exactly what your attack surface is and how to reduce that surface is critical. The sophisticated threats and lack of awareness among employees often results in insufficient security and protection. Managed security presents an opportunity to provide the strong, cost-effective cybersecurity protection that SMBs require in order to reduce their attack surface and exposure to risk in today's online business world.
- What are common cyber attacks and threats that SMBs face?
- What is malicious software and how does it affect businesses?
- What is threat intelligence and why is it important?
- More cybersecurity topics and answered questions.
Secure Internet Gateway
Complete Security with Powerful Cloud-Based Firewall Capabilities for All Ports and Protocols.
Appliances vs Modern Security. Six Reasons Why Your Security Appliance and UTM Solution is Failing Your Business.