Five Elements Organizations Should Monitor for Effective External Attack-Surface Management

According to an infographic produced by Microsoft, "The cybersecurity world continues to become more complex as organizations move to the cloud and shift to decentralized work. Today, the external attack surface spans multiple clouds, complex digital supply chains, and massive third-party ecosystems. Consequently, the sheer scale of now-common global security issues has radically shifted our perception of comprehensive security."

The infographic highlights "five areas that help better frame the challenges of effective external attack-surface management." The information is provided by RiskIQ, a company Microsoft acquired in 2021 to help organizations assess the security of their entire digital enterprise.

1. The global attack surface may be bigger than most think

"In 2020, the amount of data on the internet hit 40 zettabytes, or 40 trillion gigabytes. RiskIQ found that every minute, 117,298 hosts and 613 domains add to the many interwoven threads making up the global attack surface's intricate fabric. Each of these web properties contains a set of elements, such as its underlying operating systems, frameworks, third-party applications, plugins, and tracking code. With each of these rapidly proliferating sites containing these nuts and bolts, the scope of the global attack surface increases exponentially."

2. Sometimes, threat actors know more about an organization's attack surface than their SOC does

"The rapid growth of internet-exposed assets has dramatically broadened the spectrum of threats and vulnerabilities affecting the average organization. With the advent of COVID-19, digital growth accelerated once again, with almost every organization expanding its digital footprint to accommodate a remote, highly flexible workforce and business model. The result: attackers now have far more access points to probe or exploit."

What is more, "With the rise of global-scale attacks orchestrated by multiple threat groups and tailored for digital enterprises, security teams need to mitigate vulnerabilities for themselves, third parties, partners, controlled and uncontrolled apps, and services within and among relationships in the digital supply chain."

3. Threat actors don't have to compromise assets to attack an organization or its customers

"Most cyberattacks originate miles away from the network; web applications comprised the vector category most commonly exploited in hacking-related breaches. Unfortunately, most organizations lack a complete view of their internet assets and how those assets connect to the global attack surface. Three significant contributors to this lack of visibility are shadow IT, mergers and acquisitions (M&A), and digital supply chains."

4. The mobile attack surface goes beyond major mobile app stores

"Each year, businesses invest more in mobile as the average consumer's lifestyle becomes more mobile-centric. Americans now spend more time on mobile than watching live TV, and social distancing caused them to migrate more of their physical needs to mobile, such as shopping and education."

However, "These rogue apps appear in official stores on rare occasions, even breaching the major app stores' robust defenses. However, hundreds of less reputable app stores represent a murky mobile underworld outside of the relative safety of reputed stores. Apps in these stores are far less regulated than official app stores, and some are so overrun with malicious apps that they outnumber their safe offerings."

5. Threat infrastructure is more than what's on the network

"Today's global internet attack surface has transformed dramatically into a dynamic, all-encompassing, and completely entwined ecosystem that we're all a part of. If you have an internet presence, you interconnect with everyone else, including those that want to do you harm. For this reason, tracking threat infrastructure is just as important as tracking your own infrastructure."

The infographic also points out that "More than 560,000 new pieces of malware are detected every day, and the number of phishing kits advertised on underground cybercrime marketplaces doubled between 2018 and 2019. In 2020, the number of detected malware variants rose by 74 percent."

The infographic concludes that:

Traditionally, the security strategy of most organizations has been a defense-in-depth approach starting at the perimeter and layering back to the assets that should be protected. However, there are disconnects between that kind of strategy and the attack surface, as presented in this report. In today’s world of digital engagement, users sit outside the perimeter—as do an increasing number of exposed corporate digital assets and many of the malicious actors. As such, companies need to adopt security strategies that encompass this change. Applying Zero Trust principles across corporate resources can help secure today's workforce—protecting people, devices, applications, and data no matter their location or the scale of threats faced.

What recommendations do you have on how organizations can effectively monitor these five elements?

Aaron Rose is a board member, corporate advisor, and co-founder of great companies. He also serves as the editor of GT Perspectives, an online forum focused on turning perspective into opportunity.