Around a year ago a cyberattack on a little-known US oil pipeline thrust ransomware into the media spotlight and grabbed the attention of the White House. The ensuing months saw a flurry of government efforts designed to improve the security posture of global organisations, with cyber risk management planted firmly front-and-centre of recommended best practices.
The cybercriminals responsible for breaching Colonial Pipeline may have unintentionally done a great deal of good for the security community. But recognising the importance of risk management and putting it into practice are two different things.
Where should organisations start? The answer lies with mapping and understanding the digital attack surface. Unfortunately, as new Trend Micro research reveals, only half (51%) have been able to do so, with many more identifying major visibility gaps.
What is the digital attack surface?
The attack surface is comprised of all the digital assets that could be compromised by remote or local threat actors. This includes:
- Laptops and PCs
- IoT endpoints
- Mobile/web apps and websites
- Remote desktop protocol (RDP) endpoints
- Virtual private networks (VPNs)
- Cloud services
- Supply chain infrastructure and services
Attacks target these via a wide variety of tools and techniques—from phishing to vulnerability exploitation. And once inside networks, they may move laterally to other parts of the attack surface. Trend Micro’s 2021 roundup report reveals just how exposed organisations are today.
Visibility is tough
There’s an adage in cybersecurity which is relevant here: you can’t protect what you can’t see. That makes gaining visibility into all these digital attack surface assets a vital first step on the road to mitigating the risk of serious compromise. But this isn’t as easy as it looks. Respondents to our new study estimate that they have visibility into only 62% of their total attack surface. The real number could be much lower. What’s causing the problem? Several reasons, including:
- A lack of the right tooling
- Too many tools, creating information silos
- Opaque supply chains
- Dynamic and ephemeral cloud environments
- The size, complexity, and distributed nature of modern IT environments
- An increase remote working endpoints and shadow IT during the pandemic
A platform-based approach
The lack of visibility is further compounded by cybersecurity skills shortage, making it increasingly difficult to manage the expanding attack surface; unsurprisingly nearly three-quarters (73%) of IT and business leaders we polled are concerned with the size of their digital attack surface. Nearly half (43%) even admit that it is “spiralling out of control” and over half (54%) admit their method of assessing risk exposure isn’t sophisticated enough.
CISOs must find a way to gain visibility into all their digital attack surface assets, use that information to continuously calculate risk exposure, and then have the right tools to prevent, detect, and respond to threats across those assets without further burdening overstretched security teams.
That’s far from easy given that most organisations have multiple overlapping or disconnected tools which create data silos and visibility gaps, leading to an overwhelming number of false positives.
With security teams burdened with sifting through alerts, it causes delays in detection, investigation, and response of high-critical vulnerabilities, which gives cybercriminals more time to launch their attack from within.
This is where a platform-based approach can reap major dividends. A unified cybersecurity platform offers a single holistic view of the attack surface that can assess risk exposure and then automatically deploy controls to mitigate that risk. Fewer, but higher-fidelity alerts free up security talent to work on strategically important tasks. It can also help you align security with business goals by reducing the cost of managing multiple point solutions.
In a world where geopolitical instability has lent ransomware mitigation a new urgency, it’s time for a change.
For more information about the benefits of a unified cybersecurity platform, check out the following resources: