4 Best Practices for Attack Surface Management
Accelerated by the pandemic, digital ecosystems are expanding. New ways of working remotely and the rapid adoption of cloud technologies have increased the number of digital touch-points that employees interact with. Unfortunately, this expanded attack surface creates new points of exposure that make it difficult for security leaders to pinpoint where cyber risk exists, or which risks warrant concern.
It's a situation that is not going away. In 2021, one in four Americans is expected to work remotely. In the same period, Gartner forecasts that consumption of cloud services will continue to grow by nearly 20%.
With these fast-moving challenges in play, now is the time to rigorously evaluate your organization's attack surface and implement practices for mitigating risk. Here are four attack surface management best practices that can help.
1. Understand your attack surface
Staying ahead of threats is challenging. Security teams are increasingly buried in siloed tools and grappling with a sea of data and alerts, hoping they don't miss something important. Meanwhile, it's getting harder for security leaders to validate their organizations' digital footprints and understand where the greatest risk of exposure lies. After all, you can't secure what you can't see.
To understand what's going on in your ecosystem and where risk is concentrated, you need broad visibility of a kind that most security stacks don't provide. Tools like Bitsight Attack Surface Analytics can help.
Attack Surface Analytics makes it possible to validate and manage your entire digital footprint across geographies, business units, subsidiaries, cloud service providers, and far-flung home offices. With this complete view of your organization's digital assets, you can discover the cyber risk associated with each asset, remediate exposures quickly, drive continual process improvements, and allocate resources where they're needed most.
2. Continuously monitor your endpoints
Endpoint monitoring has always been a critical pillar of any attack surface management strategy. But the pandemic, coupled with a growing number of digital endpoints located outside the corporate network, has accelerated the need for greater diligence.
To get a firm grip on your endpoints, particularly new digital assets, recently onboarded vendors, and remote employees, use an independent monitoring process to identify risky behavior and threats before they become a problem. An external, unbiased viewpoint is enormously valuable when trying to assess your security risk accurately.
You'll also need to monitor and set up protection for your employees' home network connections. This sounds obvious, but a survey by Keeper Security and the Ponemon Institute found that a staggering 42% of IT and security professionals don't know how to defend against attacks aimed at their most far-flung endpoints: remote workers.
Lastly, increase visibility into internal controls. An assessment tool like Bitsight for Security Performance Management can give you continuous visibility into how your internal cybersecurity controls are performing. With that insight you can see which endpoints contribute most to your exposure and prioritize mitigation there.
3. Benchmark your security program against your peers
Assessing your cyber risk exposure and security program performance in the context of your peers and industry is another effective strategy, especially in today’s ever-evolving cybersecurity landscape.
For instance, Bitsight for Security Performance Management includes benchmarking tools that let you uncover gaps in your cybersecurity program based on a comparison of risk vectors within your peer group. With these benchmarks, you can create data-driven remediation plans and confidently meet security performance goals.
4. Determine acceptable risk thresholds
Finally, it's important to acknowledge that 100% prevention is unattainable, especially as cybersecurity threats rapidly evolve. That's okay: cyber risk is relative to your organization, and what matters is determining what level of risk is acceptable to you.
Alongside benchmarking, you can use Bitsight Security Ratings to set acceptable thresholds for your organization. Security ratings are data-driven, dynamic measurements of an organization's security posture. They range from 250 to 900, with a higher rating equating to better overall performance.
Independent research shows that companies with a rating of 500 or lower are nearly five times more likely to experience a breach. So, depending on your industry and risk tolerance, set a threshold that reflects where each vendor or vendor tier needs to be.
And since security ratings are updated frequently, you can use them to continuously monitor for movement against your risk thresholds and to inform remediation plans.
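The threshold-setting and monitoring steps above, as an added example that is not part of the original article and is not Bitsight's own code or API. It takes the article's facts as given (ratings run 250 to 900, higher is better, and 500 or lower is the high-breach-risk band) and treats everything else as an assumption: the per-tier thresholds, the vendor names, the rating histories and the 50-point "sharp drop" alert are constructed for illustration. The point it adds is that a useful monitor alerts on threshold crossings and steep falls, not on every refresh where a vendor happens to be low.

```python
"""Track security ratings against per-tier acceptable-risk thresholds.

Added example, not Bitsight's code and not its API. From the article: ratings
run from 250 to 900 (higher is better) and 500 or lower is the high-breach-risk
band. The tier thresholds, vendor names and rating histories below are
constructed for illustration and are assumptions, not real data.
"""
from dataclasses import dataclass

RATING_MIN, RATING_MAX = 250, 900

# Assumed policy: the more access a vendor has (lower tier number), the
# higher the rating it must hold. Tier 3 sits at the article's 500 line.
TIER_THRESHOLDS = {1: 700, 2: 600, 3: 500}


@dataclass(frozen=True)
class Event:
    vendor: str
    kind: str        # "below_threshold", "recovered" or "sharp_drop"
    rating: int      # rating at which the event fired
    threshold: int   # threshold that applies to the vendor's tier


def validate_rating(rating):
    """Reject values outside the 250-900 scale so a bad feed cannot read as 'good'."""
    if not isinstance(rating, int) or not RATING_MIN <= rating <= RATING_MAX:
        raise ValueError(f"rating {rating!r} is outside {RATING_MIN}-{RATING_MAX}")
    return rating


def evaluate_history(vendor, tier, history, drop_alert=50):
    """Walk a chronological list of ratings and emit the events worth acting on.

    Only threshold *crossings* produce events, so a vendor that stays below
    the line does not raise a new alert on every refresh. A fall of
    drop_alert points or more between two readings is flagged even while the
    rating is still above threshold, since that is the moment to look before
    the line is crossed.
    """
    threshold = TIER_THRESHOLDS[tier]
    events = []
    prev = None
    for rating in history:
        validate_rating(rating)
        if prev is None:
            if rating < threshold:
                events.append(Event(vendor, "below_threshold", rating, threshold))
        else:
            if prev >= threshold > rating:
                events.append(Event(vendor, "below_threshold", rating, threshold))
            elif prev < threshold <= rating:
                events.append(Event(vendor, "recovered", rating, threshold))
            if prev - rating >= drop_alert:
                events.append(Event(vendor, "sharp_drop", rating, threshold))
        prev = rating
    return events


def evaluate_portfolio(portfolio, drop_alert=50):
    """portfolio: {vendor: (tier, [ratings oldest..newest])} -> {vendor: [Event, ...]}."""
    return {v: evaluate_history(v, tier, hist, drop_alert)
            for v, (tier, hist) in portfolio.items()}


def out_of_tolerance(portfolio):
    """Vendors whose latest rating is under their tier threshold: {vendor: (rating, threshold)}."""
    result = {}
    for vendor, (tier, history) in portfolio.items():
        if not history:
            continue
        latest = validate_rating(history[-1])
        threshold = TIER_THRESHOLDS[tier]
        if latest < threshold:
            result[vendor] = (latest, threshold)
    return result


# Constructed sample: four hypothetical vendors, ratings oldest to newest.
SAMPLE_PORTFOLIO = {
    "payroll-saas": (1, [740, 735, 690, 700, 720]),  # dips under 700, then recovers
    "cdn-provider": (2, [810, 760, 805, 805]),       # 50-point fall, still above 600
    "print-vendor": (3, [520, 480, 470, 510]),       # crosses 500 and comes back
    "legacy-host":  (2, [610, 590, 585]),            # crosses 600 and stays below
}

if __name__ == "__main__":
    for vendor, events in evaluate_portfolio(SAMPLE_PORTFOLIO).items():
        for e in events:
            print(f"{e.vendor}: {e.kind} at {e.rating} (threshold {e.threshold})")
    print("currently out of tolerance:", out_of_tolerance(SAMPLE_PORTFOLIO))
```

The tier table is where the "acceptable risk" decision from this section lives; changing a single number there changes which vendors trip the monitor, which is the behaviour you want to be able to review and justify. Feeding real ratings in is a matter of replacing the constructed histories with observations pulled from whatever feed you use; the validation step is there so an out-of-range or missing value raises rather than silently passing as a healthy score.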
Additional Resources
For more information on attack surface management best practices, check out our white paper: How to Reduce Risk in an Ever-Expanding Digital Ecosystem or request your Free Attack Surface Report.