How would your security program run differently if your perspective was shaped around attack-surface reduction? It's a great way to reframe the way your organization approaches security, especially when it comes to implementing the same basic controls that continue to be your very best line of defense against cyberattacks.
First off, what does "attack surface" mean? This term gets thrown around plenty within the infosec bubble, but are we all talking about the same thing? The first term you often hear people talk about is that of attack vectors. An attack vector really isn't much more than some avenue that a bad actor can use to exploit your systems, your networks, and your information.
The attack surface, then, is just the sum of all the attack vectors for your organization — the total surface area of potential system exposure, be it systems in your data center, laptops in the field, cloud applications, connected industrial systems, or any combination of these hybrid environments you may have.
If It's Boring, You're Probably Doing It RightFor example, the latest breach headline you've read relates back, in some way or another, to an exploited attack vector like an unpatched vulnerability. So, what's new about attack vectors? Nothing. The breaches making headlines today come from the same issues we've been seeing in cybersecurity for the past 20+ years. They're the result of unpatched vulnerabilities, misconfigurations, lapses in system updates, human error, and other run-of-the-mill oversights. In 2020, much of the world is still behind on the unglamorous basics.
Because let's face it: The basics are boring and often difficult to maintain. That's a tough combination to take on, es ..
Support the originator by clicking the read the rest link below.
