Organisations fall short on cyber security Attack Surface resilience

Cyber Security is a process and needs constant attention and refinement to deal with ever-evolving threats. The attack surface has been highlighted with reference to how organisations fall short on their cyber security resilience. There is no one-shoe-fits-all solution and executives need to weigh their security budgets against the unique risks that their organisation faces.

Security Bulletin - June 2022Security Bulletin - June 2022
Partner News - June 2022Partner News - June 2022

An organisation’s attack surface is extremely important in relation to the ability to defend against cyber-attacks and it represents how prepared or vulnerable to attacks an organisation is. It has become more evident that many organisations within our country are unclear as to what their attack surface looks like as more businesses are faced with the reality of data breaches and hacking. This is unfortunately leading to South Africa being seen as a goldmine for illegal data exfiltration.

The following are some of the major challenges that require time, expertise and manpower to manage properly:

  • The first step is acknowledging that, as an organisation that holds data, you are responsible for the protection of the said data as well the risk to the business and consumers should it become exposed.
  • Attackers seek any points of entry or potential compromises.
  • An attack surface includes all computers, software, networks, as well as the human factor.
  • External vendors that integrate or operate within an organisation’s systems or stores are also to be seen as potential risk that expands on an attack surface.

Examples of Attack Vectors:

  • Compromised credentials
  • Weak and stolen passwords
  • Malicious insiders
  • Missing or poor encryption
  • Misconfiguration
  • Ransomware
  • Phishing
  • Trust relationships
  • Zero-day vulnerabilities
  • Brute-force attacks
  • Distributed Denial of Service (DDoS)
  • Javascript Threats (Magecart)

Mapping the attack surface of an organisation helps understand the risks faced in operating a digitally integrated business. Every organisation connected to the internet faces these challenges and should be utilising vulnerability assessment/management software to help mitigate risks and reduce their overall potential attack surface.

One thing to note is that there is no perfect solution to minimise risk. Attack surface minimization and vulnerability management is a process and requires constant and regular attention to ensure a low-risk environment where data is processed and/or stored.

logo