In our recent Digital Risk Survey, we canvassed 600 senior enterprise IT and security professionals to see what was worrying them. Two of our findings were:

  • 57% of respondents cited internal collaboration platforms such as Microsoft Teams and Slack as the tech stack representing the most risk.
  •  52% of respondents cited the use of unsanctioned apps as their biggest security and compliance challenge.
There are a variety of reasons to be worried about collaboration platforms and unsanctioned apps. All of these reasons boil down to one thing: they can expand an enterprise’s attack surface. Though it might be possible to “reduce” this surface, doing so typically involves reducing the tech stack. This is a bad option for most companies, who adopt new technologies to achieve better business outcomes, especially in the wake of the COVID-19 pandemic.

Instead of attempting to reduce the attack surface, enterprises need to manage it better. The most effective and comprehensive form of attack surface management is that which secures both its public and private dimensions.

Public and Private Attack Surfaces

Every enterprise possesses public attack surfaces. These are the publicly visible portions of your enterprise. Common public attack surface examples include:

  • The company website
  • Company LinkedIn page
  • Public marketplaces and app stores 

Just as important, though often trickier to secure, are an enterprise’s private attack surfaces. They are considered private because these surfaces are largely hidden and often invisible to security teams. Some private attack surface examples are:

 


With cloud applications, enterprises can often log traffic, but they lack visibility into the content of messages, links, or attachments. Today, the attack surface management capabilities of many enterprises are lacking. They are particularly lacking when it comes to the private attack surface. Tools to oversee, monitor, or remediate these hidden threats are sorely lacking.

Digital Transformation Expands the Private Attack Surface

2020 was a year of rapid digital transformation. More than any board initiative or C-level enthusiasm, the COVID-19 pandemic forced enterprises across the globe to rapidly transition to the digital office.

71% of IT security professionals believe that the hyper-acceleration of digital transformation has greatly increased their enterprise’s risk of a data breach and/or a cybersecurity exploit. They’re correct, chiefly because rapid digital transformation has expanded the private attack surface. For example, suddenly, and at a scale not seen previously:

  • Sales teams are corresponding with prospects using closed tools like WhatsApp and WeChat.
  • HR departments need to oversee a workplace that exists exclusively in collaboration platforms where users can use private messages and groups.
  • Businesses are responding to customer enquiries and offering support in social and mobile channels.
  • Executives, unable to travel to events and network, are spending more time than ever corresponding via LinkedIn.

Think about the output of these communication phenomena. All of it is private and hidden. None of it can be secured by teams, unless they find the right attack surface analysis and management tools. Only then can they proactively secure the private attack surface.

Effective Private Attack Surface Management

Most enterprises know they need public attack surface security, and are taking steps to implement the right protocols. Chief among them are:

… and so on. However, what organizations must prioritize private attack surface analysis and management. Here, companies need to take the following steps: 

  • Achieve visibility. Locking down the private attack surface starts with making the unknown known. Companies need to onboard security tools that will provide a comprehensive and automated view into all human interactions occurring within the organizations. This includes channels that are nominally private, such as WhatsApp and Slack. If they are being used for business purposes, then they have to be made visible. 
  • Get deep and dark web coverage. Many threats don’t even exist on the surface, public web. They are in the darker corners of the internet. Companies need to be able to scan the deep and dark web for interactions that mention trigger keywords such as brand name, personnel, projects, and other confidential information. They must be able to receive real-time alerts to activate response and security protocols immediately.
  • Monitor account/instance access. Enterprise collaboration licenses can be a vector. Via phishing or another technique, a bad actor can gain credentialed access to another org’s Teams or Slack instance. They could potentially lurk here for months or years. Companies need software that can alert them to any abnormal account behavior, and repel intruders from the system.
Attack surface management is a complex and ever-evolving job. Bad actors are always refining their methods. However, these steps offer a foundation on how you can secure the most under protected part of most enterprises’ attack surface: the private attack surface.

 

Guide: Learn what modern-day digital risks are and how you can combat them with the right protective measures.

Related Content