Thanks to Microsoft for the thoughtful and interesting article.

Anatomy of a modern attack surface

 

As the world becomes more connected and digital, cybersecurity is becoming more complex. Organizations are moving more infrastructure, data, and apps to the cloud, supporting remote work, and engaging with third-party ecosystems. Consequently, what security teams must now defend is a broader, more dynamic environment and an expanded set of attack surfaces.

Threat actors are taking advantage of this complexity, exploiting gaps in an organization’s protections and permissions and executing relentless, high-volume attacks. Attacks are often multi-faceted, spanning several elements of an organization’s operations and infrastructure. Attackers are also becoming more coordinated across a growing cybercrime-as-a-service landscape. In 2022, Microsoft’s Digital Crimes Unit blocked 2,750,000 site registrations to get ahead of criminal actors that planned to use them to engage in global cybercrime.

Keeping up with today’s threats means securing every main attack surface, including email, identity, endpoint, Internet of Things (IoT), cloud and external. From a security perspective, you’re only as strong as your weakest links — and attackers are getting better at finding those. The good news is that most threats can be stopped by implementing basic security measures. In fact, we’ve found that basic security hygiene still protects against 98% of cyberattacks.

Four people gathered around a screen discussing cybersecurity. Stats on image: '1 hour 42 minutes: Median time for an attacker to begin moving laterally within your corporate network once a device is compromised' and '98% of cyberattacks can be prevented with basic security hygiene' - from article on Modern Attack Surface

End-to-end visibility into threats is foundational for good security hygiene. The right threat intelligence gives security teams a comprehensive view of the threat landscape, enabling them to stay ahead of emerging threats and continually refine their defenses. And when threat actors do get in, holistic threat intelligence is essential to learning what happened and preventing it from happening again.

Below we’ll discuss threat trends and challenges related to six main attack surfaces in an organization: email, identity, endpoint, IoT, cloud, and external. Towards the end, we’ll come back to how the right threat intelligence can tilt the playing field and give security teams a powerful advantage.

1. Email remains a top threat vector and focus area for defense

 

Person typing on laptop. Stats on image: '72 min median time it takes for an attacker to access your private data if you fall victim to a phishing email' and '61% increase in phishing attacks from 2021-2022' - from article on Modern Attack Surface

2. The expanded identity landscape also expands opportunities for threat actors

Image of a person in a digital cybersecurity meeting discussing connected device vulnerabilities. Stats on image: '3,500 average number of connected devices in an enterprise that are not protected by an endpoint detection and response agent' and '$1.7M Median value of the annualized risk of a data breach from mobile phishing attacks' - from the article on Modern Attack Surface

3. Hybrid environments and shadow IT have increased endpoint blind spots

Four people discussing cybersecurity. Stats on image: '921: Password attacks per second in 2022, a 74% increase from 2021' and '93% of Microsoft investigations during ransomware recovery engagements revealed insufficient privilege access and lateral movement controls' - from article on Modern Attack Surface

4. IoT devices are growing exponentially—and so are IoT threats

Image of computer networking ports. Stats on image: '41 billion IoT devices expected in enterprise and consumer environments by 2025' and '60% of security practitioners say IoT and OT security is one of the least secured aspects of their IT and OT infrastructure' - from the article on Modern Attack Surface

5. Protecting the cloud is both critical and complex

Image of a person sitting in a public place using a laptop. Stats on image: '895 man-in-the-middle phishing attacks detected per month by Microsoft Defender for Cloud Apps, on average' and '84% of organizations that suffered ransomware attacks did not integrate their multi-cloud environments into security operations tooling' - from the article on Modern Attack Surface

6. Securing the external attack surface is an internet-scale challenge

Image of two people in a meeting discussing cyberattack-related data compromises. Stats on image: '1613 cyberattack-related data compromises in 2021, more than all data compromises in 2020' and '53% of organizations experienced at least one data breach caused by a third party from 2018-2020' - from the article on Modern Attack Surface
