Exclusive: Reducing the cyber attack surface of the digital enterprise

The resounding success of GITEX 2021 is the most recent reminder of the significant strides that Middle East organisations have made in advancing their digital transformation over the last year. Having navigated the initial uncertainty, organisations have now begun to confidently embrace remote work, with their efforts even being supported by UAE government initiatives such as the remote work visa. Simultaneously, interest in cloud computing, which initially favoured the private model, steadily shifted past the tipping point and today, even highly security-conscious sectors have embraced public cloud offerings.

The convergence of these trends has meant that the conventional enterprise perimeter has become all but obsolete. Consequently, traditional approaches to security such as ringfencing infrastructure with firewalls and other defences have been rendered ineffective as employees increasingly connect to corporate resources via private internet connections and personal devices. 

As a result, the attack surface that can be exploited by cybercriminals has been greatly extended. If attackers are able to compromise a staff member’s device at home, this can afford them ready access to centralised IT systems and databases.  

Indeed, The State of Network Security in 2021 report commissioned by Barracuda found that companies with staff working predominantly from home had a significantly higher network security breach rate (85%), compared to companies with staff working predominantly in the office (65%). A full 94% of respondents with company-issued devices share their home internet connection with other members of their household, so the risk of breach remains. Over three-quarters (81%) of those surveyed said their organisation had been the victim of at least one ransomware attack in the last year. 

Within many organisations, this situation is driving an urgent rethink about how security risks are managed and overcome. Managers realise a way needs to be found to maximise security while also maintaining staff productivity.

Focusing on the attack surface

When security experts talk about an organisation’s cyberattack surface, they’re referring to all the physical and digital assets that could theoretically be compromised in an attack. This includes a range of items including software applications, servers, PCs, websites and networks. The bottom line is that the bigger the attack surface, the more places there are for threat actors to aim.

Minimising and securing the attack surface therefore needs to be a focus for any IT security program. However, achieving this is easier said than done. Supply chains and remote workers are as mission critical as you can get, so it’s important that any changes made don’t impact business operations.

The challenge of supply chains 

Research from Cyberpion highlights just how much companies now rely on third-party partners. The research found that 73% of Fortune 500 companies’ total IT infrastructure is external. Even worse, a quarter of these assets contain known vulnerabilities and other risks. These include: 

• 25% of external cloud IT assets failed at least one security test 
• Almost 10% of corporate login pages are considered insecure due to invalid SSL certificates, or because login data is transmitted in HTTP and unencrypted 
• Nearly 5% of hundreds of cloud assets these firms connect to are vulnerable to major abuse, including misconfigurations that could allow attackers to read or overwrite data 

Given that these statistics are for Fortune 500 firms, it can be expected that SMEs will be even more exposed to their supply chains. As threat actors find increasingly effective ways to probe for security gaps between third parties, the risks will continue to surge. 

The hybrid working challenge 

The second reason that attack surfaces are expanding is the rapid growth of remote workers and, unfortunately, it’s becoming increasingly difficult for IT teams to mandate improved security practices. 

A recent study found many remote workers view productivity as more important than mitigating cyber-risk. The vast majority of IT leaders claimed in response that the increase in home workers has created a “ticking time bomb” for a corporate network breach. 

The bad news is that, as the pandemic recedes and hybrid work emerges as the preferred model of most businesses, these risks will continue to expose organisations to financial and reputational damage. 

The urgent need to reduce the attack surface

Thankfully, reducing and securing the attack surface is something all organisations can achieve with the right set of best practices to guide them.

The first step is to understand exactly what digital assets are being held and where they are stored. This is likely to be on a mix of in-housed servers, digital devices and cloud services. This must be followed by an exercise to determine whether some of these items can be removed or decommissioned. Just because resources were needed prior to the pandemic doesn’t mean they are still required now.

A third step is to apply appropriate people, process and policy changes across the organisation. These should include enhanced staff training and awareness campaigns that help people to spot threats such as phishing attacks.

IT teams should also review items such as remote access, email and web application security and ensure any risk-based patch and vulnerability management programmes that are in place. Cloud Security Posture Management (CSPM) tools and a secure data protection solution should also be deployed to mitigate the risk of misconfiguration and implement disaster and recovery capabilities.

Cybercriminals are constantly on the hunt for vulnerabilities that will allow them to gain access to a target’s IT infrastructure. By making its attack surface as small as possible, an organisation can significantly reduce its chances of becoming the next victim.

By Toni El Inati – RVP Sales, META & CEE, Barracuda Networks