Just as the world has changed around us, an organization’s attack surface is different today than it was in the past. Organizational attack surfaces used to be well-defined and internally focused on each organization’s physical network. Digital transformation, innovation and the passage of time have changed the game. Today, interactions between employees, customers, stakeholders, and the organization take place online through SaaS applications and web-based cloud services.
Digital initiatives increase every organization’s online presence, increasing connections to external resources, including cloud infrastructure, third-party web applications, and the use of open-source software. Add to these conditions the shift to hybrid and work-from-home models, and most organizations’ external attack surface is now at least three times larger than their internal attack surface, and growing every day.
What does this ever-expanding attack surface mean in practice? New cyber risks and vulnerabilities are keeping IT and security professionals busier than ever as they try to extend protection to everything their business now depends on. Here are the most common cyber risks to monitor across a modern digital attack surface:
- Not understanding the shared responsibility model of the cloud.
Cloud environments, whether public or private, provide organizations with a quick, easy, and often inexpensive way to modernize and expand their digital infrastructure. As organizations move to the cloud, adopting software-as-a-service (SaaS) tools to improve business efficiency and operations and keep pace with today’s digital transformation, they are also exposing themselves to increased risks.
The National Security Agency reports that the most common type of cloud security vulnerability stems from misconfiguration. Cloud service providers such as Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure all use shared responsibility models for cloud security, and the important word here is shared: the provider secures the underlying infrastructure, but securing the customer's data, identities, and configuration still rests with the organizations using these clouds and their IT departments. To complicate matters, each major provider divides that responsibility in its own way, and the split varies by service (an infrastructure VM leaves far more to the customer than a managed database or SaaS offering). The components an organization is responsible for when using GCP differ in their details from those on AWS, and so on, so a team moving between clouds cannot assume the same controls are covered.
- Lax management of access control.
While all major cloud providers have improved their security over time, attackers still exploit access control and authorization weaknesses. Safeguards exist to prevent unauthorized access to cloud infrastructure, but they are often configured inadequately. Over-permissive roles and weak authentication mean that an attacker who obtains a single credential can elevate their privileges once inside, expanding their access to sensitive data. Additionally, because today's cloud services are so easy to use, staff with little security training are now tasked with setting up servers and computing services in the cloud, which leads to inevitable oversights and misconfigurations.
- Vulnerable DNS infrastructure.
The Domain Name System (DNS) was designed before today's cybersecurity threats existed, with no built-in authentication of responses, which leaves it inherently exposed to abuse. Virtually every business today relies on a variety of DNS servers within its digital supply chain, many of them operated by registrars, hosting providers, and other third parties. Like any other asset or application, DNS servers have vulnerabilities that attackers can exploit. Attackers see DNS as an attractive target: by hijacking a domain or its records they gain an "insider" position of trust that serves as a base for redirecting traffic, intercepting email, and launching further attacks.
- Unprotected web applications and third parties.
Every modern business relies on web-based applications for mission-critical operations, which means entering and sharing sensitive data, including email addresses, passwords and credit card numbers. These web applications interact with or connect to multiple third-party systems and services, each of which widens the attack surface through which the application can be reached. Attackers know this and probe both direct and indirect digital supply chains for weaknesses such as SQL injection, privilege misconfigurations and authentication flaws in order to reach data. It is not only an organization's own apps that need to remain properly protected, but every connected web app and third party as well.
- Unsecured mail servers.
Email remains one of the most popular forms of business communication between employees, customers, partners, and other stakeholders. The same ease of access that makes email convenient also makes it a prime target. Every organization uses a different mix of internal and external email servers for day-to-day communications, so the quality of email protection varies greatly from company to company and even from server to server. Attackers scan for exposed or outdated mail servers and attempt to take them over. Once they gain access to a mail server, they launch phishing campaigns from a trusted domain against anyone they can reach, including customers.
- Losing control of shadow IT.
Shadow IT refers to technology, including systems, software, applications, and devices, used by employees of an organization without approval from the IT team. Shadow IT has grown significantly in recent years, with employees logging on from home on whatever device is most convenient. Employees often spin up their own public cloud accounts to migrate workloads and data without understanding the security standards and risks involved, and without the watchful eye of the organization's security team. When they misconfigure those cloud resources as they build them, the resulting exposures are there for attackers to exploit. IT and security departments, meanwhile, are unaware of these weaknesses and of any attempted or successful breaches, precisely because shadow IT sits outside their view.
- Neglecting unused and unmanaged assets.
Thanks in large part to digital transformation, business operations are happening at a faster pace than ever. Many organizations still own, and remain connected to, servers, systems, and applications that have not been used for weeks, months, or even years. These assets run outdated software with known vulnerabilities that remain unpatched. Even when the organization updates and fixes the software it actively uses, these neglected and unmanaged assets remain reachable and open to attack.
The digital attack surface of every modern organization continues to expand, and this will remain the case for the foreseeable future. Organizations must take responsibility for their expanding digital attack surface and prioritize protecting it. This means gaining visibility into all internet-connected assets and their connected digital supply chains, assessing their vulnerabilities, identifying the weaknesses that need to be fixed, and acting quickly to remediate them before they are exploited. We see new stories every day about what happens when these kinds of threats go unaddressed. In those cases the damage is already done, but each one serves as a continuing reminder of what organizations need to prioritize and protect before it happens again.
Tamir Hardof, Marketing Director, Cyberpion