A new study says that 76 percent of organizations worldwide expect to become victims of cyberattacks in 2022. The same report also reveals that 84 percent of the respondents suffered at least one cyberattack over the past 12 months. Among the reasons for these unflattering numbers are the rise of remote working, the online migration of businesses, and other changes that complicate digital networks.
Organizations have gone through changes that led to the expansion of their cyber-attack surfaces. An attack surface is the set of possible attack points, hardware or software-based, through which unauthorized access and other activities with harmful consequences can happen. Examples of these are workstations, mobile and IoT devices, improperly discarded hardware, as well as apps, ports, servers, and websites.
In 2022, it is worth examining how attack surfaces have expanded and multiplied as the world went through many changes. This is not based on a single study or report, but an aggregation of information from multiple sources.
There is difficulty in identifying exposed assets
“One of the key challenges in the explosion in attack surface is that organizations find it difficult to identify exposed assets, and thus fail to address any software vulnerabilities that they possess.” This is what a VentureBeat report says about the growth of cyber-attack surfaces in the past year.
Digital assets connected to the internet can potentially have vulnerabilities or issues that make them prone to cyber-attacks. These could be misconfigurations, setup mistakes, poor security controls, or the unencrypted storage of login credentials. Cyber threat actors have advanced methods and tools that can scan for and identify these vulnerabilities so they can exploit them. Meanwhile, most organizations lack the ability to detect these security weaknesses, or are not even aware of the extent of their attack surfaces.
To address this difficulty, it helps to use an effective attack surface management solution, one that enables security or IT teams to know and mitigate cyberattack points. It has to be something that allows organizations to learn about the issues cybercriminals can discover during the reconnaissance phase of their attack.
Attack surface management, however, should not only be periodic but continuous and comprehensive. Attack surfaces change together with the changes that happen in an organization. This is not something doable with conventional and manual tools, so it is good that automated continuous solutions are now available.
The vulnerability management market is growing rapidly
The good news is that many advanced attack surface management solutions have emerged in response to the difficulties encountered in identifying and managing cyber-attack surfaces. Frost & Sullivan projects strong global vulnerability management market growth as the threat of cyber-attacks increases. The market is expected to be worth $2.51 billion by 2025.
“Enterprises are becoming more vulnerable to cyber-attacks due to an expanded attack surface resulting from multiple touchpoints through an open network and easy accessibility to databases and applications,” Frost & Sullivan says.
Businesses acknowledge that they are dealing with more aggressive cyber threats, and a number of countries have also enacted laws and policies that call for more stringent cyber defenses. Governments, in other words, are also driving the growth of the attack surface management market.
The recent signing of the Biden Administration’s Executive Order on cybersecurity in the United States, for one, has set the tone for the urgency of implementing better cybersecurity solutions. Likewise, the sustained strong implementation of the General Data Protection Regulations (GDPR) Act continues to compel good vulnerability management among organizations across Europe as well as EMEA and APAC businesses with operations in Europe.
The majority have not done anything to secure their software attack surfaces
Interestingly, even with the knowledge that it has been difficult to identify cyber threat exposure, and despite the availability of advanced vulnerability management solutions, the majority of organizations still have not done much to improve their software-side cybersecurity. As reported by Tech Wire Asia, a 2022 threat landscape report shows that 69 percent of organizations have done nothing to secure their software supply chains even after learning about the horrors of the SolarWinds attack.
The threat landscape report also says that 70 percent admit that a compromise of their software supplier would mean serious consequences for their operations. They submit that such an attack would be unstoppable on their end. They are unlikely to detect it, let alone undertake courses of action that would stop the attack in its tracks or at least mitigate and control the problem as soon as possible.
The SolarWinds supply chain attack reportedly cost SolarWinds $40 million. This amount does not account for the reputational damage inflicted upon the company and the damages to the company’s clients. If something similar happens to other companies, the costs would be terrible and retaining clients would be extremely challenging.
Siloed tech is bad for attack surface management integrity
A survey called the Tech Blind Spots Survey, which was undertaken in January 2022 among 5,000 employees from 100 enterprises, found that the siloing of IT assets has been a drawback for attack surface management. The study revealed operational concerns attributed to siloed technology management, particularly lost and inadequately secured endpoints, as well as incorrect data on IT assets and poor security visibility.
“The siloed and costly ways enterprise organizations manage their IT estate today are affecting IT service delivery and satisfaction, budgeting and audit efficacy, and attack surface management integrity,” the report states. Because of siloing, time is lost unnecessarily to monitoring asset statuses or details, tracking down unaccounted assets, and employee onboarding and offboarding delays, and money is lost to compliance audit fines.
A unified way of monitoring and managing IT resources is now considered a necessity to ensure efficiency and avoid missing important details that result in serious but avoidable adverse consequences. Addressing tech siloing is a good start towards improved security visibility and attack surface management.
When organizations have a clear view of their digital assets and the risks that come with them, they become better at preparing for threats, detecting incursions, mitigating attacks, and undertaking remediation. This is similar to what happens when organizations adopt the MITRE ATT&CK framework to comprehensively cover all possible attack points and the latest adversarial tactics and techniques when doing security validation. The result is a comprehensive and systematic evaluation of security risks, not one siloed across the different technologies used.
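The siloing problems the survey describes (unaccounted endpoints, endpoints without adequate security coverage, and conflicting asset data) can be surfaced by reconciling each team's inventory against the others. The sketch below is an added example, not taken from the survey or from any vendor tool; the three source names (`cmdb`, `edr`, `scan`), the record fields, and all sample records are constructed assumptions.

```python
# Added illustration: source names, field names and records are all constructed.
from collections import defaultdict

def norm(mac: str) -> str:
    """Reduce any common MAC notation (AA-BB.., aa:bb.., aabb.cc..) to 12 hex chars."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def reconcile(sources: dict) -> dict:
    """Merge per-silo asset lists keyed by MAC address and report visibility gaps."""
    merged = defaultdict(dict)                      # mac -> {source_name: record}
    for name, records in sources.items():
        for rec in records:
            merged[norm(rec["mac"])][name] = rec
    report = {"unaccounted": [], "no_edr": [], "stale": [], "owner_conflict": []}
    for mac, seen in sorted(merged.items()):
        host = next(iter(seen.values()))["host"]
        # Observed on the network but missing from the inventory of record
        if "scan" in seen and "cmdb" not in seen:
            report["unaccounted"].append(host)
        # Live on the network with no endpoint agent reporting in
        if "scan" in seen and "edr" not in seen:
            report["no_edr"].append(host)
        # Inventoried but seen nowhere else: possibly lost or retired
        if set(seen) == {"cmdb"}:
            report["stale"].append(host)
        owners = {r["owner"] for r in seen.values() if r.get("owner")}
        if len(owners) > 1:
            report["owner_conflict"].append(host)
    return report

# Constructed sample exports from three separately managed tools
SOURCES = {
    "cmdb": [
        {"host": "hr-laptop-01", "mac": "AA-BB-CC-00-00-01", "owner": "hr"},
        {"host": "fin-ws-07", "mac": "AA-BB-CC-00-00-02", "owner": "finance"},
        {"host": "old-kiosk-3", "mac": "AA-BB-CC-00-00-03", "owner": "facilities"},
    ],
    "edr": [
        {"host": "hr-laptop-01", "mac": "aa:bb:cc:00:00:01", "owner": "hr"},
        {"host": "fin-ws-07", "mac": "aa:bb:cc:00:00:02", "owner": "it-ops"},
    ],
    "scan": [
        {"host": "hr-laptop-01", "mac": "aabb.cc00.0001"},
        {"host": "fin-ws-07", "mac": "aabb.cc00.0002"},
        {"host": "iot-cam-12", "mac": "aabb.cc00.0004"},
    ],
}
```

Calling `reconcile(SOURCES)` returns one list of hostnames per gap category, which a team can review on each inventory refresh rather than only at audit time.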
Organizations need to improve
The tools for better attack surface management already exist. It is up to organizations to take advantage of these and improve their ability to manage vulnerabilities. The difficulty in identifying exposures to threats is mostly self-inflicted. Likewise, tech siloing is not that difficult to address. Organizations need to level up their attack surface management capabilities with the right knowledge and tools.