PHASE 0: What is an Attack Surface?

An attack surface is the part of an organization's cyber terrain that is accessible to an attacker and that can be exploited or altered to compromise its defenses and steal or ransom its data.

Your attack surface is the combination of vulnerabilities that can be exploited to carry out a cyberattack. Attack surfaces can be physical or digital. The term attack surface is often confused with the term attack vector, but they are not the same thing. The surface is what is being attacked; the vector is the means by which an intruder gains access.

To best protect your attack surface, limit and secure your digital presence so as to reduce the risk of public access. An organization can analyze and reduce its physical and digital attack surfaces by taking the following measures:

  • Identify physical and digital assets
  • Conduct an attack surface gap analysis
  • Review asset management policies
  • Reduce unused, redundant, or overly permissive apps and websites
  • Prioritize strengthening the most vulnerable attack points first
  • Work towards making attack surfaces smaller
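The first four measures above amount to a gap analysis: compare what asset management says should be reachable with what is actually reachable, then rank the differences so the most exposed points are fixed first. The script below is an added example written for this page, not CrowdPoint's tooling; the inventory, the scan results, the service risk weights and the penalty constants are all constructed for illustration.

```python
"""Attack surface gap analysis: compare what asset management says should be
reachable with what an exposure scan actually found, then rank the gaps.

Added example for this page; it is not CrowdPoint's tooling.  The inventory,
scan results and risk weights below are constructed for illustration.
"""
from dataclasses import dataclass

# Constructed asset inventory: each managed host with its owner and the set of
# ports approved to be reachable from outside the organisation.
INVENTORY = {
    "web-01": {"owner": "platform", "approved": {443}},
    "db-01": {"owner": "data", "approved": set()},      # nothing should be public
    "vpn-01": {"owner": "network", "approved": {443, 1194}},
}

# Constructed external scan: (host, port, service) tuples that were reachable.
SCAN = [
    ("web-01", 443, "https"),
    ("web-01", 22, "ssh"),
    ("db-01", 5432, "postgres"),
    ("vpn-01", 1194, "openvpn"),
    ("legacy-ftp", 21, "ftp"),
]

# Hypothetical base risk weight per exposed service, used only for ordering.
SERVICE_RISK = {"https": 2, "openvpn": 3, "ssh": 6, "ftp": 8, "postgres": 9}
UNKNOWN_ASSET_PENALTY = 5    # exposure on a host nobody manages
UNAPPROVED_PORT_PENALTY = 2  # exposure that asset management never signed off


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    service: str
    reason: str
    score: int


def gap_analysis(inventory, scan):
    """Return findings sorted highest-risk first.

    A finding is raised when an exposed (host, port) is either on a host missing
    from the inventory or on a port the inventory does not approve for that host.
    """
    findings = []
    for host, port, service in scan:
        base = SERVICE_RISK.get(service, 5)
        if host not in inventory:
            findings.append(Finding(host, port, service,
                                    "unknown asset: not in inventory",
                                    base + UNKNOWN_ASSET_PENALTY))
        elif port not in inventory[host]["approved"]:
            findings.append(Finding(host, port, service,
                                    "unapproved exposure on managed asset",
                                    base + UNAPPROVED_PORT_PENALTY))
    return sorted(findings, key=lambda f: (-f.score, f.host, f.port))


def surface_summary(inventory, scan):
    """Count the exposed surface and how much of it is actually sanctioned."""
    exposed = {(host, port) for host, port, _ in scan}
    approved = {(h, p) for h, p in exposed
                if h in inventory and p in inventory[h]["approved"]}
    return {
        "exposed": len(exposed),
        "approved": len(approved),
        "unapproved": len(exposed - approved),
    }


if __name__ == "__main__":
    for f in gap_analysis(INVENTORY, SCAN):
        print(f"{f.score:>3}  {f.host}:{f.port} ({f.service})  {f.reason}")
    print(surface_summary(INVENTORY, SCAN))
```

The unknown host ranks first because an exposure nobody owns has no patching or monitoring behind it; the "unapproved" count is the number the reduction measures above should drive toward zero.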

Digital Attack Surfaces

A network attack surface is the sum of all vulnerabilities in connected hardware and software. In order to keep a network secure, network administrators must proactively seek ways to reduce the number and size of attack surfaces. The more code running on a system, the greater the chance that the system will have an exploitable security vulnerability. This means one of the most important steps IT administrators can take to secure a system is to reduce the amount of code being executed, reducing the software attack surface.

The CrowdPoint approach to limiting the size of attack surfaces is a strategy called Cyber Privacy Campaign. Under this plan, the attack surface is divided into logical segments called cyber engagement areas, each of which has its own unique technologies and services. The idea is to significantly reduce the surface available for malicious activity, restrict unwanted lateral (east-west) traffic that would bypass a perimeter, and canalize traffic away from risky parts of the network. These four logical segments are part of a Defense in Depth strategy and include:

  • Ecosystem
  • Perimeter
  • Network
  • Endpoint
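One concrete way to enforce the segmentation idea above is to check observed flows against an explicit policy: traffic may only cross between adjacent segments on sanctioned ports, a flow that skips a segment is a perimeter bypass, and traffic between two hosts in the same segment is east-west movement unless it is explicitly allowed. The script below is an added example for this page, not part of CrowdPoint's product; the segment CIDRs, the allowed-flow policy and the log lines are assumptions constructed for the example.

```python
"""Segment policy check over constructed flow logs.

Added example for this page, not CrowdPoint's product.  Segment CIDRs, the
allowed-flow policy and the log lines are all assumptions made up for the
example.
"""
import ipaddress
import re

# Ordered chain of segments from the outside in.  Traffic is expected to move
# between adjacent segments only; jumping a segment bypasses a control point.
ORDER = ["ecosystem", "perimeter", "network", "endpoint"]

# Constructed address plan.  Anything outside these ranges is the ecosystem.
SEGMENT_CIDRS = {
    "perimeter": ipaddress.ip_network("10.0.0.0/24"),
    "network": ipaddress.ip_network("10.0.1.0/24"),
    "endpoint": ipaddress.ip_network("10.0.2.0/24"),
}

# Hypothetical policy: (source segment, destination segment, destination port).
ALLOWED = {
    ("ecosystem", "perimeter", 443),   # public HTTPS terminates at the perimeter
    ("perimeter", "network", 8443),    # perimeter proxies into internal services
    ("endpoint", "network", 443),      # users reach internal services
}

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def segment_of(ip):
    """Map an address to its segment; unmatched addresses are the ecosystem."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENT_CIDRS.items():
        if addr in net:
            return name
    return "ecosystem"


def classify(src_seg, dst_seg, dport):
    """Return 'allow' or a deny reason for one flow between segments."""
    if (src_seg, dst_seg, dport) in ALLOWED:
        return "allow"
    if src_seg == dst_seg:
        return "deny-lateral"          # east-west inside one segment
    if abs(ORDER.index(src_seg) - ORDER.index(dst_seg)) > 1:
        return "deny-bypass"           # skipped a segment boundary
    return "deny-port"                 # adjacent segments, port not sanctioned


def audit_flows(log_text):
    """Parse flow lines and return (src, dst, dport, verdict) per line."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        verdict = classify(segment_of(src), segment_of(dst), dport)
        results.append((src, dst, dport, verdict))
    return results


# Constructed flow records in a firewall-style key=value form.
SAMPLE_LOG = """\
src=203.0.113.7 dst=10.0.0.10 dport=443 proto=tcp
src=10.0.0.10 dst=10.0.1.20 dport=8443 proto=tcp
src=203.0.113.7 dst=10.0.1.20 dport=8443 proto=tcp
src=10.0.2.5 dst=10.0.2.9 dport=445 proto=tcp
src=10.0.2.5 dst=10.0.1.20 dport=443 proto=tcp
src=10.0.0.10 dst=10.0.1.20 dport=22 proto=tcp
"""

if __name__ == "__main__":
    for src, dst, dport, verdict in audit_flows(SAMPLE_LOG):
        print(f"{verdict:13} {src} -> {dst}:{dport}")
```

The third line is flagged as a bypass because an ecosystem address reaches the network segment without passing the perimeter; the fourth is flagged as lateral because two endpoint hosts talk directly over a port the policy never sanctioned. Run against real flow records, the same verdicts become detection hits for exactly the east-west traffic the segmentation is meant to restrict.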

Physical Attack Surfaces

The physical attack surface includes physical buildings and endpoint devices, including desktop systems, laptops, mobile devices, USB ports, and internet of things (IoT) devices. Physical security has three important components: access control, surveillance, and testing. First, obstacles should be placed in the way of potential attackers, and physical sites can be hardened against accidents, attacks, and environmental disasters; such hardening measures include fencing, locks, access control cards, biometric access control systems, and fire suppression systems. Second, physical locations can be monitored using surveillance cameras and notification systems, such as intrusion detection sensors, heat sensors, and smoke detectors. Third, disaster recovery policies and procedures should be tested regularly to ensure safety and to reduce the time it takes to recover from disruptive man-made or natural disasters.