What is an Attack Surface?
Protect your business from cyber threats by managing your Attack Surface.
The term ‘Attack Surface’ encompasses all of the different entry points a hacker could exploit to access the critical data or systems within an organisation.
A simple analogy is a family home wifi. Multiple devices (the ‘Internet of Things’) connect to a typical home wifi router, including: smart TVs, security cameras, phones, computers and tablets. Every connected device, however, may pose a vulnerability to the overall security and privacy of the home network.
Similarly, the critical information (IP, systems, data) within a business can also be exposed or attacked through the various connections that business has through the internet.
Websites, servers, software, APIs — The sum total of all hardware, software and network components that could be targeted by malicious actors is what’s known as an Attack Surface.
Examples of entry points include:
CRM
Company hosted website
Physical server
Email account or server
API connections between software
Public-shared documents in cloud
Previous staff credentials (still active)
Commonly shared passwords
Phone system
The more you can shrink your attack surface, the better you can manage risk and mitigate against common cyber threats.
Attack Surface Example:
It’s worth noting that the 2022 Optus data breach incident was made possible by an unsecured public-facing API, leaving data open to the internet. The equivalent to leaving your car door unlocked and keys in the ignition. Regular network scanning and/or penetration testing may have exposed the flaw earlier and avoided this incident.
How to reduce your Attack Surface
At ShadowSafe, we recommend businesses put specific measures in place to reduce their Attack Surface. To achieve this, businesses must first map their Attack Surface to understand its size and scope as a baseline, and measure improvements. This is often referred to as Attack Surface Mapping, by which all current entry points (potential vulnerabilities) are identified and documented.
Step 1. Take an inventory of your assets
Catalog all hardware, software and network components within your business.
Step 2. Identify entry points
Do you have shared or repeated used passwords? List all the possible ways an attacker could access your systems. This can include open ports, APIs and software logins.
Step 3. Assess vulnerabilities
Evaluate each entry point for weaknesses that could be exploited.
Step 4. Prioritise and address risks
Determine which vulnerabilities pose the highest risk and address those first. i.e. Patching software, implementing SSO (Single Sign On), enabling Conditional Access.
Step 5. Continually monitor
Regularly update the attack surface map and keep track of any changes that are made. Keep a record of implemented mitigation steps. Insurance companies favour proactive cyber security measures.
TIP: Implement Single Sign On (SSO) to accounts where possible.
Single Sign On (SSO) is a feature that enables you to use your Microsoft 365 (or Google Workspace) account to login to other services. By using SSO, you reduce the number of different login credentials, and streamline Multi Factor authentication through one main account.
Understanding the Attack Surface of your business and taking steps to reduce it is a key component of any cyber security strategy. ShadowSafe can help your business reduce the risk of cyberattacks affecting your business operations. Speak to our friendly team today on 07 3185 1777.
