With the expanding perimeter companies are creating as they move more of their business into the cloud, as well as the addition of work-from-home network connections, there is a greater attack surface for hackers to penetrate. Focusing on these three attack surface risk reduction best practices will help security managers protect their programs.
As the recent cyberattack on Garmin proves, malicious actors are continuing to infiltrate the networks of industry leaders, gaining access to thousands of sensitive customer and employee data points. The detrimental effects of the breach left users of Garmin products, from large airline companies to individual fitness gurus, with temporarily frozen devices and no indication of when the problem would be solved. While the details of the Garmin breach are not yet fully known, it isn’t shocking to think that their massive attack surface wasn’t completely protected from malicious actors.
Here are three best practices to follow when protecting your attack surface:
Monitor Your Endpoints
Securing your endpoints, the points of access to your enterprise network that malicious actors will work to infiltrate, is an important step when protecting your business’s growing attack surface. Your endpoints probably extend further than you think, and can include both physical endpoints like laptops, desktops, mobile phones, and tablets, as well as digital environments like services and virtual infrastructure. A few best practices to consider so you can confidently monitor your endpoints include:
- Gain a secure hold over your endpoints, particularly with new servers and network connections from recently onboarded vendors or employees working from home. Use independent process monitoring to continuously assess your endpoints from an external viewpoint.
- Monitor network connections to help identify risky behavior and threats before they arise. Networks to monitor include both your internal connections and those used by your third parties. Now that many companies have shifted to a primarily remote workforce, it’s also important to monitor and set up protection for employees’ home network connections to prevent malicious activity from reaching the company network through your employees.
- Prevent damaging attacks by increasing visibility into your internal controls. With an internal assessment tool like BitSight for Security Performance Management, you can gain continuous visibility into how your internal cybersecurity controls are performing. Internal visibility helps your organization detect security attacks by observing which endpoints are posing the greatest risk to your attack surface.
Visualize Your Potential Vulnerabilities
Another attack surface risk reduction best practice for reducing the chance of malicious attacks before they occur in your network is to visualize your attack surface vulnerabilities through simulation and forecasting. Different software providers or risk analysis programs can run scenarios through your network to mimic a malicious attacker, giving you a picture of where your vulnerable spots are and what damage could occur. BitSight for Security Performance Management provides a Forecasting tool that gives users an outsider’s view into their cybersecurity performance and where the gaps might exist. Forecasts reveal an attainable level of security performance for any organization, along with the action items necessary to achieve the projected performance.
Using tools like attack and patch forecasting lets security leaders run tests on the programs they work so hard to build, so vulnerabilities can be recognized and patched before they’re taken advantage of. It also can allow users to test different patch solutions to see what has the greatest impact on security.
Limit The Opportunity For Human Error
No matter how many software controls or programs you put in place to guard your attack surface, the opportunity for human error to lead to a cybersecurity attack is hard to prepare for. Providing your employees with proper training to avoid common mistakes like falling for phishing scams is a good best practice for keeping human error from expanding your attack surface. An interesting thing to note about social engineering, especially phishing emails and other communication attempts, is the increased pull on a receiver’s emotions. Emotionally motivated attacks are using human empathy more and more to trick employees into providing compromising information, so adapting training to cover up-to-date phishing styles is important.
Limiting the devices employees are allowed to use for work-related data is another attack surface risk reduction best practice. Requiring security measures such as VPN login systems, frequent password changes, or two-factor authentication are good ways to ensure employees follow the security measures surrounding their company network access. When it comes to protecting data processed and stored with cloud computing services, a common best practice is to switch ownership of control accounts every few weeks so a new person has administrator access to the service. All of these are considered attack surface risk reduction best practices because they limit the window of time for malicious actors to discover a user’s password, as well as mitigate the negative outcomes of losing or forgetting a password.
According to the AWS shared responsibility model, it is the company’s responsibility to properly train their employees on cloud service access, as well as to successfully integrate the service into their systems so that all vulnerable points are properly protected. Staying on top of employee cybersecurity training can save time and money by reducing the risk of detrimental human errors.
For more resources on how to implement attack surface risk reduction best practices, or improve on what you currently have in place, download our whitepaper on risk reduction in expanding ecosystems.