In May, the White House introduced an Executive Order to improve the nation’s cybersecurity. Cybersecurity attacks against SolarWinds, Microsoft, and Colonial Pipeline are reminders that we face increasingly sophisticated malicious adversaries. Insufficient cybersecurity defenses have made us more vulnerable to incidents.
“It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example. All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order,” said President Joe Biden.
Major highlights and directives from the executive order:
- Remove Barriers to Threat Information Sharing Between Government and the Private Sector.
- Modernize and Implement Stronger Cybersecurity Standards in the Federal Government.
- Improve Software Supply Chain Security.
- Establish a Cybersecurity Safety Review Board.
- Create a Standard Playbook for Responding to Cyber Incidents.
- Improve Detection of Cybersecurity Incidents on Federal Government Networks.
- Improve Investigative and Remediation Capabilities.
The frequency of ransomware attacks has increased dramatically over the past year: 93% more ransomware attacks were carried out in the first half of 2021 than in the same period last year, per Computer Weekly. Attacks have also increased significantly since the pandemic forced an increase in global remote work and, with it, an increase in the attack surface of most organizations.
While the Executive Order has highlighted areas of improvement for the U.S. in the cybersecurity space, in looking at the continued increase in ransomware attacks, one of the biggest actions an organization can take to improve its security posture is to reduce its attack surface.
What is an attack surface?
An attack surface is the total set of ways threat actors can infiltrate your digital network. The smaller the attack surface, the fewer attack vectors – or entry points – there are for a threat actor to gain access to or to attack your system. The bigger the attack surface, the more entry points.
What are the types of attack surface?
There are three main types of attack surface:
- Digital or External attack surface: The digital attack surface, also known as an external attack surface, is where threat actors or unauthorized users can exploit and/or compromise digital systems.
- Physical attack surface: Carelessly discarded hardware that might contain user data/login credentials, handwritten passwords, and physical break-ins.
- Social engineering attack surface: Malicious activities accomplished through human interactions, such as phishing, baiting, pretexting, spear phishing, etc.
All of these are important, but with increasing digital modernization and transformation efforts across enterprises, an organization’s digital attack surface is critical when it comes to a strong cybersecurity posture.
For example, a cyber criminal can penetrate your network to obtain private company information from the following points:
- Connected Systems & Software
- Out-of-Date Security Certificates
- Compromised Credentials
- Weak or Stolen Passwords
According to TechTarget, “There was an intense spike in the number of cyberattacks such as phishing and malware exploiting the fragility and inadequacy of the infrastructure that could support remote working, as is indicated by the U.S. federal report. Not only did the attack surface expand, but several new ones also came into play as corporate IT assets extended into home networks.”
Combining the “Inside-Out” and “Outside-in” Views for Complete Visibility
The lack of visibility into one’s infrastructure remains a fundamental cybersecurity challenge, and the extension of corporate assets into home networks has only complicated this. But often, organizations have taken an “inside-out” approach to cybersecurity.
This approach has been a foundation for cybersecurity practitioners: set up a perimeter and protect what is inside your network. Set up firewalls to stop certain traffic from flowing in and out. Implement anti-virus on endpoints so you can ensure the outer edges of your network have some ability to identify and quarantine bad or suspicious things. It’s the castle and moat approach.
What has been less adopted but is as critical to reducing one’s attack surface is understanding the “outside-in” approach to your networks: your external attack surface. According to Gartner’s Hype Cycle for Security Operations – 2021, “External Attack Surface Management (EASM), autonomous security testing, and threat intelligence services all provide an inward-looking viewpoint toward an organization’s infrastructure from the outside. This renewed approach to looking at exposure provides better enrichment for organizations to decide what really matters to them — without having to look at the threat landscape in a more general way and wonder if they are affected.”
This doesn’t mean you should give up on the “inside-out” view – only that this view of your attack surface needs to provide broader insight into assets and interfaces on your network. In addition to EASM, another area of interest in the Gartner Hype Cycle for Security Operations – 2021 report is Cyber Asset Attack Surface Management (CAASM). “CAASM is an emerging technology focused on enabling security teams to solve persistent asset visibility and vulnerability challenges.” It expands focus on a subset of assets such as endpoints, servers, devices, or applications. It also helps remediate gaps caused by manual processes and homegrown systems. With CAASM, an organization gains full visibility into all organizational assets to better understand their attack surface area and any possible existing security control gaps.
When organizations only look at the internal view, they are playing defense. With an “outside-in” approach, you can proactively mitigate cyber risk and prioritize defensive actions. Only with both can you strategically defend critical systems and data with a risk-based strategy.
How to reduce your attack surface
The smaller the attack surface, the fewer entry points cyber criminals have to penetrate your network. Here are a handful of tactics you can use to reduce your attack surface:
- Assume zero trust. Don’t automatically trust anything inside or outside your network perimeters. Verify everything trying to connect to your systems before granting access.
- Create strong access protocols and use strong authentication policies. Strong protocols and policies can help protect your network.
- Promote the use of a password manager. Set strong and unique passwords across different employee accounts.
- Back up often and protect your backups. You should assume that your network will be breached, so make sure that you have properly stored and protected backups.
- Increase your firewalls and segment your network. Firewalls help defend against cyberattacks.
- Ensure email security. Keep employees trained to look for suspicious requests, attachments, links, and phishing activities.
- Monitor third-party data breaches. According to a report by Ponemon Institute, 51% of businesses have suffered a data breach caused by a third party.
- Monitor for data leaks. Monitor for company data leaks. The faster you know about a potential breach, the quicker you can mitigate the situation.
- Remove unnecessary software and services. The more software connecting to your network – the bigger your attack surface.
- Invest in cybersecurity awareness training. Keep your employees up to date on cybersecurity training and tactics. Employees and contractors are a significant cause of data breaches.
LookingGlass’s data, platforms, and enrichment can help your organization quickly understand common attacks, focus your defenses by leveraging tailored datasets, and move you toward a more proactive stance against the most common threats. Find out more by contacting us today to book a demo.