What Is An Attack Surface?

In 2017, there were over 130 large-scale, targeted breaches in the U.S., and the numbers are growing every year by 27%. Professionals are always saying there is no such thing as perfect security, but then why aren’t all cyber vulnerabilities being exploited? It all has to do with what it's worth for the attacker. But to make sure the cost to exploit your organization outweighs the benefits, you need to understand the concept of an “attack surface.”

alt

What is an “Attack Surface”?

An “attack surface” in cybersecurity is defined as the number of vulnerabilities that can be exploited by an attacker. The smaller your attack surface, the less likely your organization will be exploited. Imagine a criminal deciding which building to rob. Between a building with multiple entries and another with just one, which do you think the criminal would choose? Obviously, the latter would cost more time and energy to find a way to break in. This is how you want your organization to be. Fewer options for entry mean fewer possibilities of exploitation.

How to Minimize Your Points of Entry
  • Reduce coding: The less code you have the less risk of exploitation. Keep things simple and eliminate any unnecessary features.
  • Clean up the OS: How many services in your OS are you actually using? Disable anything that is just taking up space.
  • Segmentation within your network: Having all your assets in one network may make things easier for you, but also for your attackers. Increase your barriers by splitting things up!
  • Audit: The oldest trick in the book when it comes to reducing your attack surface, is regularly inspecting your software. This will keep you up-to-date with everything that goes on and allows you to map out any possible vulnerabilities.

Once you reduce your attack surface, remember that this doesn’t mean you’re vulnerability-free. Make sure you’re always aware of the vulnerabilities you still have. Always prioritize the biggest threats and act on them immediately!