In the digital age, businesses are reaping the benefits of greater connectivity and enhanced digital operations. However, this increased connectivity also has a downside: it creates a broader and more dynamic environment for cyberattacks. According to the Microsoft Digital Defense Report 2022, about 98% of cyberattacks can be mitigated with basic security hygiene. Even so, organizations must remain vigilant in securing their six main attack surfaces: email, identity, endpoints, IoT, cloud, and the external attack surface.
Email threats continue to pose a significant risk to businesses. Phishing attacks have seen a staggering 61% increase from 2021 to 2022, and approximately 35% of ransomware incidents involve the use of email. The FBI estimates that these attacks cost businesses approximately $2.4 billion in 2021 alone. To combat this threat, organizations must prioritize regular education for employees on how to recognize and avoid phishing emails. As social engineering techniques become more sophisticated, it is essential to provide employees with regular reminders of their role in protecting the enterprise.
Identity security is another crucial aspect of defending against cyberattacks. Threat actors are continuously finding new ways to circumvent multifactor authentication (MFA), putting organizations at risk. Techniques such as adversary-in-the-middle phishing attacks and token abuse have become more prevalent. Additionally, phishing kits are widely available, making it easier for threat actors to steal credentials. It is important to protect not only human identities but also cloud access, third-party accounts, and workload identities. Often, workload identities are overlooked during permissions audits, leaving organizations vulnerable to attacks. Security teams must consider all potential meanings of “identity,” both human and automated.
The ever-growing array of endpoints further complicates security. According to the Microsoft report, on average, 3,500 connected devices in an enterprise are unprotected by an endpoint detection and response agent. Unmanaged or unpatched devices can become infected and serve as access points for compromising an organization. Servers, in particular, can be targeted, leading to intellectual property (IP) theft and ransomware attacks. Prioritizing improved endpoint visibility and security hygiene is critical in defending against these threats.
The rise of Internet of Things (IoT) devices presents additional vulnerabilities. By 2025, it is estimated that there will be over 41 billion IoT devices across enterprise and consumer environments. Threat actors are increasingly targeting IoT devices, as routers and networks have become more hardened against attacks. A Ponemon Institute study found that 35% of respondents cited an IoT device as the point of compromise. Many business devices are running outdated software with well-known vulnerabilities. Regulators in the US and abroad are increasingly recommending or requiring stronger IoT security measures. Organizations must have greater visibility into every connected device to ensure comprehensive security.
Cloud resources, whether single-cloud, hybrid, or multicloud, present their own challenges. Organizations often struggle to gain end-to-end visibility across their cloud ecosystems, leading to security gaps. Microsoft’s research found that 84% of organizations that suffered ransomware attacks had not integrated their multicloud assets with their security tooling. Misconfigurations and hidden, code-based vulnerabilities in cloud apps are also a significant concern. Incorporating security-by-design and security-by-default principles from the start can help mitigate these risks.
Today’s external attack surface extends beyond an organization’s assets. Multiple clouds, digital supply chains, and third-party ecosystems make it challenging to fully understand the scope of this exposure. A Ponemon report from 2020 revealed that 53% of organizations had experienced at least one data breach caused by a third party in the previous two years. To find weak links in defenses, organizations must approach their security from a threat actor’s perspective. Understanding the most likely entrance points for attackers is key to defending the external attack surface.
In conclusion, all of these attack surfaces share a common need for visibility and awareness. Tools and strategies can provide organizations with visibility into their security landscape, but awareness of evolving risks requires accurate and timely threat intelligence. Recognizing how seemingly unrelated events and signals can indicate an imminent threat, and understanding how these threats can exploit the six main attack surfaces, gives security teams a crucial advantage in an ever-evolving risk environment. By prioritizing security hygiene and staying vigilant, organizations can mitigate the majority of cyberattacks and protect their valuable assets.