What is a system’s attack surface? Why should it be minimized when possible?

When it comes to smart cybersecurity for small and mid-size businesses (SMBs), reducing the attack surface is critical. In fact, ensuring the attack surface is as small as possible is a basic security measure.

Understanding and managing your attack surface — the number of possible ways an attacker can get into a device or network and extract data — will help reduce exposure to cyber risk.

While many SMBs may think they are too small to be a cybercrime target, a quick look at their attack surface often reveals that there are potential access points in their IT network or other vulnerabilities that can be leveraged to stage a cyber attack or data breach.

The reality is that small businesses continue to face a high probability of cyber attack. Recent data shows 43% of cyberattacks are aimed at small businesses, yet only 14% are prepared to defend themselves. And more often than not, SMBs suffer significant financial impact from an attack. One report estimates that the cost of data breach remediation for companies with fewer than 500 employees averaged about $2.5 million, and this has continued to increase year-over-year. In certain regulated industries, businesses still experience these financial consequences in the second and third year after an attack.

Gaining a better understanding of your IT environment and of the elements in your attack surface that represent risk is a good step toward a proactive defense.

What are the primary attack surfaces?

Devices and people are two primary attack surfaces.

Devices

Businesses today are connecting to the Internet using more and more devices. This creates more gateways for cybercriminals to carry out cyberattacks.

Along with an exploding volume of data generated using these devices, new data also estimates that there will be close to 50 billion connected Internet of Things (IoT) devices used worldwide by 2030.

Now, factor in cyber threats and potential vulnerabilities in operating systems and software, and you can better understand how devices represent a potential risk and can profoundly increase the attack surface.

Ransomware and hybrid ransomware attacks are significant threats to devices. A ransomware attack on its own is bad enough as it allows hackers to take control of a device, and then demand a ransom before the user can regain control. But today, ransomware is also spread in hybrid form. By combining ransomware with the capabilities of a virus, it can not only infect one device but easily spread throughout the entire network.

Data predicts that ransomware attacks will target businesses every in 2021. In the latest Verizon Data Breach Investigations Report (DBIR), 27% of malware incidents are attributed to ransomware. Other research indicates that 85% of managed service providers reported ransomware attacks against SMBs over the last two years, with 56% seeing attacks in the first six months of 2019.

People

Sophisticated cyberattacks primarily target employees because they are often the weakest link in the digital security chain. In the Verizon DBIR 2020 report, human error accounts for 22% of breaches. According to Gartner, 95% of cloud breaches occur due to human errors such as configuration mistakes, and this is expected to continue.

Adding more risk, password policies and other safeguards designed to protect people, such as multi-factor authentication (MFA), are not standard practice within most SMB organizations. And worse, recent research shows that password behaviors continue to be an issue — 91% of people know that using the same password on multiple accounts is a security risk, yet 66% continue to use the same password anyway.

Attackers also use social engineering techniques to gain access to networks through employees. Social engineering tricks people into handing over confidential company information. The hacker often contacts employees via email, pretending to be a credible organization or even a colleague. Most employees do not have the knowledge to defend themselves against these advanced social engineering attacks.

Research reveals that 70-90% of malicious data breaches are attributed to social engineering of some type.

How do you assess vulnerabilities?

The first step in assessing potential vulnerabilities is identifying all the physical and virtual computing devices within a business or organization. That list should include all of these possible attack surfaces:

  • Workstations and laptops
  • Network file servers
  • Network application servers
  • Corporate firewalls and switches
  • Multi-function printers
  • Mobile devices

This infrastructure assessment should distinguish between cloud and on-premise systems and devices, which makes it easier to determine all possible storage locations for data.

Now, let’s look at where data is accessed and stored. Categorize all business data and divide it into three locations: cloud, on-premise systems, and devices.

For example:

Cloud
  • Cloud email and applications
  • Cloud storage
  • Websites and social media

On-premise systems
  • Databases
  • File sharing and storage
  • Intellectual property

Devices
  • Presentations
  • Company memos
  • Statistics and reports

Next, look at who has access and what kind of access they have. This third and final attack surface assessment is used to gain insight into the behaviors of each department or user within an organization, even if these users are unknown. These findings can be divided into the same three categories and should include the following aspects:

  • Specific-user access
  • Multi-user access
  • Unknown-user access
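
The three assessment steps above (devices, data locations, access types) can be recorded as one inventory and grouped into a location-by-access matrix. This is an added example, not part of the original article; the inventory entries and the function names `build_matrix` and `review_first` are constructed for illustration.

```python
"""Three-step attack surface inventory: asset, data location, access type."""

LOCATIONS = ("cloud", "on-premise", "device")
ACCESS_TYPES = ("specific-user", "multi-user", "unknown-user")

# Constructed sample inventory; every name and value here is illustrative.
INVENTORY = [
    {"asset": "Cloud email", "location": "cloud", "access": "specific-user"},
    {"asset": "Cloud storage share", "location": "cloud", "access": "unknown-user"},
    {"asset": "Customer database", "location": "on-premise", "access": "multi-user"},
    {"asset": "File server", "location": "on-premise", "access": "multi-user"},
    {"asset": "Multi-function printer", "location": "on-premise"},  # access never recorded
    {"asset": "Sales laptop", "location": "device", "access": "specific-user"},
    {"asset": "Legacy NAS", "access": "multi-user"},  # location never recorded
]


def build_matrix(inventory):
    """Return ({location: {access: [assets]}}, [assets with no valid location])."""
    matrix = {loc: {acc: [] for acc in ACCESS_TYPES} for loc in LOCATIONS}
    unplaced = []
    for item in inventory:
        # An entry with no recorded access is counted as unknown-user access,
        # not dropped: nobody has confirmed who can reach it.
        access = item.get("access")
        if access not in ACCESS_TYPES:
            access = "unknown-user"
        location = item.get("location")
        if location in matrix:
            matrix[location][access].append(item["asset"])
        else:
            unplaced.append(item["asset"])
    return matrix, unplaced


def review_first(inventory):
    """Assets to review first: unknown-user access or no recorded location."""
    matrix, unplaced = build_matrix(inventory)
    unknown = [a for loc in LOCATIONS for a in matrix[loc]["unknown-user"]]
    return sorted(unknown + unplaced)


if __name__ == "__main__":
    matrix, unplaced = build_matrix(INVENTORY)
    for loc in LOCATIONS:
        counts = ", ".join(f"{acc}: {len(matrix[loc][acc])}" for acc in ACCESS_TYPES)
        print(f"{loc:<11} {counts}")
    print("Review first:", ", ".join(review_first(INVENTORY)))
```

Entries that end up in the review list are the ones where the assessment could not confirm who has access or where the data lives.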

How do you secure weak points and monitor anomalies?

After conducting the assessment, the next step is determining the security measures for your specific attack surface. Using the right combination of security measures will ensure weak points are secured and give you better visibility into the security of your network.

What is a system's attack surface?

Definition(s): The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.

What does it mean to minimize the attack surface?

Protect your business by reducing the surface area that can be attacked. This is done by restricting direct access to infrastructure like database servers. Control who has access to what using an identity and access management system.

What are the possible attack surfaces?

There are three main types of attack surfaces: the digital attack surface, the physical attack surface, and the social engineering attack surface.

Why is attack surface reduction important?

Your organization's attack surface includes all the places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means protecting your organization's devices and network, which leaves attackers with fewer ways to perform attacks.