In our recent Digital Risk Survey, we canvassed 600 senior enterprise IT and security professionals to see what was worrying them. Two of our findings were:
Instead of attempting to reduce the attack surface, enterprises need to manage it better. The most effective and comprehensive form of attack surface management is that which secures both its public and private dimensions.
Public and Private Attack Surfaces
Every enterprise possesses public attack surfaces. These are the publicly visible portions of your enterprise. Common public attack surface examples include:
- The company website
- Company LinkedIn page
- Public marketplaces and app stores
Just as important, though often trickier to secure, are an enterprise’s private attack surfaces. They are considered private because these surfaces are largely hidden and often invisible to security teams. Some private attack surface examples are:
- Executive and employee social accounts
- Private mobile chat messages
- Collaboration platform communications
- Cloud apps with enterprise accounts
With cloud applications, enterprises can often log traffic, but they lack visibility into the content of messages, links, or attachments. Today, the attack surface management capabilities of many enterprises fall short, and the gap is widest on the private attack surface, where tools to oversee, monitor, or remediate these hidden threats are sorely lacking.
Digital Transformation Expands the Private Attack Surface
2020 was a year of rapid digital transformation. More than any board initiative or C-level enthusiasm, the COVID-19 pandemic forced enterprises across the globe to rapidly transition to the digital office.
71% of IT security professionals believe that the hyper-acceleration of digital transformation has greatly increased their enterprise’s risk of a data breach and/or a cybersecurity exploit. They’re correct, chiefly because rapid digital transformation has expanded the private attack surface. For example, suddenly, and at a scale not seen previously:
- Sales teams are corresponding with prospects using closed tools like WhatsApp and WeChat.
- HR departments need to oversee a workplace that exists exclusively in collaboration platforms where users can use private messages and groups.
- Businesses are responding to customer enquiries and offering support in social and mobile channels.
- Executives, unable to travel to events and network, are spending more time than ever corresponding via LinkedIn.
Think about the output of all this communication. All of it is private and hidden. None of it can be secured by teams unless they find the right attack surface analysis and management tools. Only then can they proactively secure the private attack surface.
Effective Private Attack Surface Management
Most enterprises know they need public attack surface security, and are taking steps to implement the right protocols. Chief among them are:
- Providing cybersecurity awareness training to employees
- Scanning routinely for software vulnerabilities
- Changing passwords and monitoring account access
- Maintaining an inventory of company web applications
- Identifying the full tech stack
… and so on. However, what organizations must prioritize is private attack surface analysis and management. Here, companies need to take the following steps:
- Achieve visibility. Locking down the private attack surface starts with making the unknown known. Companies need to onboard security tools that provide a comprehensive and automated view into all human interactions occurring within the organization. This includes channels that are nominally private, such as WhatsApp and Slack. If they are being used for business purposes, then they have to be made visible.
- Get deep and dark web coverage. Many threats don’t exist on the surface (public) web at all. They are in the darker corners of the internet. Companies need to be able to scan the deep and dark web for interactions that mention trigger keywords such as brand name, personnel, projects, and other confidential information. They must be able to receive real-time alerts to activate response and security protocols immediately.
- Monitor account/instance access. Enterprise collaboration licenses can be a vector. Via phishing or another technique, a bad actor can gain credentialed access to another org’s Teams or Slack instance. They could potentially lurk here for months or years. Companies need software that can alert them to any abnormal account behavior, and repel intruders from the system.