Where could a cybercriminal penetrate your practice? What assets would they hit? What systems would they breach?
The term “attack surface” can be defined as all of your IT assets: secure or vulnerable, known to you or not, on-site or in the cloud, third-party or your own. It’s your entire IT ecosystem, including all of its interconnectivity.
When was the last time you thought about the vulnerabilities of your attack surface? Statistics show it’s a weak point: in one recent survey, only 20 percent of respondents said they had sufficient visibility into their attack surface.
This visibility is the foundation of a strong cybersecurity plan. You cannot secure something you don’t know exists. But cybersecurity isn’t why you’re in business. It’s easy to ignore some of the most critical parts that keep you safe.
Before you secure it, you have to define your asset platform. Yet this discovery process can be more complicated than ever because:
- The attack surface keeps expanding: it’s difficult to keep a handle on the size of the attack surface because it can expand, contract, or change every day. Devices can be added or taken away. New networks can be added. IT services can bring on new nuances. You have to know its parameters before you can secure it.
- New devices are continually being added: it’s no longer just a phone or a laptop that connects. You’re now responsible for every mobile device, including those in BYOD programs, and all resources that help create your business. Whether it’s cloud-based, operational technology, or the latest IoT platform, you have to properly define it.
- Unknown assets are also increasing: no matter how much control you try to keep, there will always be a level of unknown. An employee will buy a new device and connect it to a database. Someone will use an IT service not previously sanctioned by your IT staff. This area will only continue to expand as we become more connected over time.
To ensure you’re ready for the next potential threat to your data, it’s crucial to build an effective threat and vulnerability program into your practice. That means including things like:
- Performing regular penetration testing to see how your employees and systems fare
- Observing a consistent patching schedule
- Learning where your vulnerabilities lie and working to fix them
- Ensuring you’re using the proper tools and know how to implement and use them well
How safe are your assets? How vulnerable is your attack surface?
For IT Strategy, Cloud Conversion, or Help Desk Services, reach out to us at Silver Linings Technology: 360-450-4759.