
Today, we’re talking about the attack surface and how to manage vulnerabilities in your organization or office. The process of making it harder for hackers to infiltrate your organization is called attack surface management. Let us first get back to basics…
Attack surface 101
An attack surface is the total number of ways/methods a hacker can use to break into your network and cause havoc. In that sense, organizations strive to keep their attack surface as small as possible, making it harder for hackers to find a good attack vector to work with. As a result, hackers tend to abandon the endeavor for easier targets.
Generally speaking, we distinguish between a digital and a physical attack surface.
Digital attack surface
The digital attack surface is made up of the software, websites and servers that are digitally connected to the organization’s systems. Examples include threats arriving from the internet, such as a phishing email, or a lack of proper encryption.
Physical attack surface
On the other hand, the physical attack surface refers to anything a hacker could physically get hold of and use to break into a system or network. Typically, these are end-point devices such as computers, smartphones, tablets and USB sticks. A carelessly discarded note with sensitive information also counts towards a physical attack surface.
How do you reduce your attack surface?
According to a report from 2019, 43% of cyber attacks that year were aimed at small businesses. What’s more, the findings revealed that only 14% of those businesses were prepared to defend themselves against a cyber attack.
So, this isn’t something only huge organizations are facing, even though they are usually the ones making the headlines after a major breach. Hackers are on the lookout for targets of all sizes. Remember that all it takes is a single malware infection to potentially bring your network to a halt.
And again, that’s what attack surface management is all about. It includes an array of practices that will help keep a system as safe as possible.
To that end, security experts suggest starting by identifying the physical and digital vulnerabilities of a network. Answers to questions such as “how many devices are connected to the system” and “what are the virtual access points” are a good start, but there’s more.
Engineers should also check whether the website’s encryption is enabled and how data is stored in the organization, including who has access to it.
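As an added example (not part of the original article), the identification questions above can be turned into a repeatable check over a simple asset inventory. The asset names, CSV columns, the groups treated as too broad and the fix-first rule are all assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample inventory (hypothetical assets, not from the article).
INVENTORY_CSV = """\
asset,surface,access_point,internet_facing,encrypted,data_readers
front-desk-pc,physical,usb,no,n/a,
sales-laptop,physical,usb,no,n/a,
www.example.test,digital,http/80,yes,no,
shop.example.test,digital,https/443,yes,yes,
fileserver,digital,smb/445,no,no,all-staff
payroll-db,digital,postgres/5432,no,yes,finance;hr-lead
"""
BROAD_GROUPS = {"all-staff", "everyone"}  # assumption: groups considered too broad


def load_inventory(text):
    """Parse the CSV into dict rows with normalised booleans and reader lists."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["internet_facing"] = row["internet_facing"] == "yes"
        # "n/a" (e.g. a USB port) is tracked as None, not as unencrypted.
        row["encrypted"] = {"yes": True, "no": False}.get(row["encrypted"])
        row["data_readers"] = [r for r in row["data_readers"].split(";") if r]
        rows.append(row)
    return rows


def review(rows):
    """Answer the inventory questions: devices, access points, encryption, data access."""
    report = {
        "physical_devices": sorted(r["asset"] for r in rows if r["surface"] == "physical"),
        "digital_access_points": sorted(
            f'{r["asset"]}:{r["access_point"]}' for r in rows if r["surface"] == "digital"),
        "unencrypted": sorted(r["asset"] for r in rows if r["encrypted"] is False),
        "broad_data_access": sorted(
            r["asset"] for r in rows if BROAD_GROUPS & set(r["data_readers"])),
    }
    # Assumed priority rule: internet-facing and unencrypted gets fixed first.
    report["fix_first"] = sorted(
        r["asset"] for r in rows if r["internet_facing"] and r["encrypted"] is False)
    return report


if __name__ == "__main__":
    for key, value in review(load_inventory(INVENTORY_CSV)).items():
        print(f"{key}: {value}")
```

Keeping the inventory in a spreadsheet-style file and rerunning the review after every change makes it easy to see whether the attack surface is shrinking or growing.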
Attack surface management is a huge topic and we have just scratched the surface here. There are companies dedicated to this area – on our end, we’d like to help individuals and small businesses. To them, we suggest using a VPN and all other protection software. And for that, check out our page with Best of the Best VPNs and take it from there. We’re sure you’ll find a solution that fits your needs there.