How reducing your attack surface can improve IT security

With hybrid workplaces – where staff work from home for part of the week – likely to be a feature of life for an extended period, the rules around achieving effective security have changed. Rather than having staff working within an infrastructure ringfenced by firewalls and other defences, they’re now often connecting to corporate resources via private internet connections and personal devices.

As a result, the attack surface that can be exploited by cyber criminals has been greatly extended. If they are able to compromise a staff member’s device at home, this can afford them ready access to centralised IT systems and databases.

Indeed, The State of Network Security in 2021 report commissioned by Barracuda found that Australian companies with staff working predominantly from home had a significantly higher network security breach rate (93 per cent), compared with companies with staff working predominantly in the office (67 per cent). A full 96 per cent of respondents with company-issued devices share their home internet connection with other members of their household, so the risk of breach remains. Almost three-quarters (72 per cent) of those surveyed said their organisation had been the victim of at least one ransomware attack in the last year.

Within many organisations, this situation is driving an urgent rethink about how security risks are managed and overcome. Managers realise a way needs to be found to maximise security while also maintaining staff productivity.

Focusing on the attack surface

When security experts talk about an organisation’s cyber attack surface, they’re referring to all the physical and digital assets that could theoretically be compromised in an attack. This includes a range of items including software applications, servers, PCs, websites and networks. The bottom line is that the bigger the attack surface, the more places there are for threat actors to aim.

Minimising and securing the attack surface therefore needs to be a focus for any IT security program, however, achieving this is easier said than done. Supply chains and remote workers are as mission critical as you can get, so it’s important that any changes made don’t impact business operations.

The challenge of supply chains

VIEW ALL

Research from Israeli startup Cyberpion highlights just how much companies now rely on third-party partners. The research found that 73 per cent of Fortune 500 companies’ total IT infrastructure is external. Even worse, a quarter of these assets contain known vulnerabilities and other risks. These include:

• Twenty-five per cent of external cloud IT assets failed at least one security test;
• Almost 10 per cent of corporate login pages are considered insecure due to invalid SSL certificates, or because login data is transmitted in HTTP and unencrypted; and
• Nearly 5 per cent of hundreds of cloud assets these firms connect to are vulnerable to major abuse, including misconfigurations that could allow attackers to read or overwrite data.

While these statistics are for Fortune 500 firms, SMEs are arguably even more exposed to their supply chains. As threat actors find increasingly effective ways to probe for security gaps between third parties, the risks will continue to surge.

The hybrid working challenge

The second reason that attack surfaces are expanding is the rapid growth of remote workers and, unfortunately, it’s becoming increasingly difficult for IT teams to mandate improved security practices.

A recent study found many remote workers view productivity as more important than mitigating cyber risk. The vast majority of IT leaders claimed in response that the increase in home workers has created a “ticking time bomb” for a corporate network breach.

The bad news is that, as the pandemic recedes and hybrid working emerges as the preferred model of most businesses, these risks will continue to expose organisations to financial and reputational damage.

The urgent need to reduce the attack surface

Thankfully, reducing and securing the attack surface is something all organisations can achieve with the right set of best practices to guide them.

The first step is to understand exactly what digital assets are being held and where they are stored. This is likely to be on a mix of in-house servers, digital devices and cloud services.

The next step is to determine whether some of these items can be removed or decommissioned. Just because resources were needed prior to the pandemic doesn’t mean these are still required now.

A third step is to apply appropriate people, process and policy changes across the organisation. These should include enhanced staff training and awareness campaigns that help people to spot threats such as phishing attacks.

IT teams should also review items such as remote access, email and web application security and ensure any risk-based patch and vulnerability management programs that are in place. Cloud Security Posture Management tools and a secure data protection solution should also be deployed to mitigate the risk of misconfiguration and implement disaster and recovery capabilities.

Cyber criminals are constantly on the hunt for vulnerabilities that will allow them to gain access to a target’s IT infrastructure. By making its attack surface as small as possible, an organisation can significantly reduce its chances of becoming the next victim.

Mark Lukie is the APAC sales engineer manager at Barracuda.