Attack surfaces are top of mind for today’s security leaders, according to the recent Censys 2023 State of Security Leadership report. Surveyed security leaders say that understanding the entirety of the organization’s attack surface is their number one priority for the next 12 months. These leaders know that if they don’t understand all of their external-facing assets, they can’t defend them from advanced threats. And defending against threats is becoming increasingly difficult.
In this same study, nearly all surveyed leaders (93%) said that their organization had been successfully attacked within the last year. Fifty-three percent had been successfully attacked between two and five times.
So how much do you understand about your own attack surface? Take our quick 10-question quiz to find out.
If you’re unsure about your answers to some (or many) of these questions, it may be time to think about leveraging an Exposure Management solution.
Let’s get started.
1. Where do external-facing assets connected to my organization live?
This is the meat-and-potatoes question that all security leaders need to be able to answer with confidence. If you know where all of your assets live, you’re better able to determine where your security team’s attention and resources should be allocated. For teams without an Exposure Management solution, this is easier said than done. That’s because today there are many more answers to the “where” than ever before: fixed IP addresses are moving the ephemeral cloud, an increasing number of workforces are using remote devices… the list goes on. This fragmentation makes it increasingly challenging for security teams to accurately manage and inventory what they own. Which brings us to the next essential attack surface question:
2. Are there assets on my organization’s attack surface that are unknown to my team?
Your security team might think they know about all that belongs to the organization, but we find that on average 43% of assets on an attack surface are potentially unknown to our customers. These unknown or unmanaged assets are prime targets for attackers. Research from Enterprise Strategy Group found that “69% of organizations admit they had experienced at least one cyberattack that started through the exploit of an unknown or unmanaged internet-facing asset”. If you don’t know what you own, how can you protect it?
3. How frequently is my view of my organization’s attack surface refreshed?
Stale data doesn’t cut it in today’s aggressive threat landscape. That host that looked fine yesterday? It’s compromised today. Teams that conduct attack surface scans intermittently or on a weekly basis are essentially working with one arm tied behind their backs. GreyNoise Research found that on average, scanners that are unknown and potentially malicious scan the internet every three minutes. Compare that to research from the 2023 Security Posture and Hygiene Survey which found only 14% of organizations’ attack surfaces are scanned continuously.
4. Which risks on my attack surface should my team prioritize?
The last thing you want is time wasted on false positive alerts and low-impact risks. Infosecurity Europe finds that “More than 60% of security professionals estimate their security function spends over 3 hours per day validating false positives.” To take action against high-severity risks before threat actors do, you need to be able to identify critical exposures with enough insight to prioritize and remediate appropriately.
5. Do I have a complete view of all of the assets that live in my cloud?
As organizations migrate more of their business assets to ephemeral multi-cloud environments, it can be difficult for security teams to keep up. And that’s problematic because an unmanaged cloud can enable Shadow IT and in turn open the door to threat actors. One Censys Exposure Management customer discovered more than 600 cloud assets outside of their monitored accounts, which was 80% more than what the company believed they had online.
6. Are there exposures on my attack surface that put my company’s regulatory compliance at risk?
If your organization is subject to security requirements and regulations, you know just how important it is to stay compliant. Noncompliance can put you at risk for vulnerabilities, cyberattacks, security breaches, and regulatory fines. A big part of staying compliant hinges on your ability to effectively track and monitor all of your external-facing assets that could be subject to a breach. With a solution like Censys Exposure Management, you gain the comprehensive and continuous asset visibility required to ensure compliance, along with access to historical data and the ability to generate the detailed security reports required for audits.
7. How are assets on my attack surface are connected to each other?
Understanding asset connections helps your team better identify where your security perimeter could be most vulnerable to attackers. If there’s a possibility that an attacker could comprise a critical asset via other assets in your network, they’ll find a way. After all, if you give attackers an inch, they’ll take a mile. (That’s how the old saying goes, right?) This also speaks to why establishing a Zero Trust framework across your network is so imperative.
8. How has my attack surface has changed over time?
Observing changes to your attack surface can serve a couple of useful purposes. It gives you the ability to gauge the extent to which your attack surface may be expanding or shrinking. If the degree of movement in either direction is unexpected, tracking this can raise flags for your security team to address. For example: are assets being added to your attack surface that your team didn’t authorize (Shadow IT)? Additionally, the ability to look at changes to assets over time can help your team better investigate threats. Censys customers have the ability to look at thousands of indexed fields and 7+ years of history to gain critical context.
9. Are there any misconfigurations on my attack surface?
In our State of the Internet report, Censys researchers found that misconfigurations are the most common type of vulnerability observed on the internet. In fact, 60% of all vulnerabilities on the internet are misconfigurations. The good news here is that misconfigurations are usually easy to address and resolve, if your team knows where they exist. Without a comprehensive understanding of your attack surface, misconfigurations may persist, giving attackers opportunities to strike.
10. Do my subsidiaries’ assets pose a risk to my organization?
An often overlooked step of the M&A due diligence process is understanding the cybersecurity risk that an acquisition could bring to the table. Your organization may have a handle on its attack surface, but does the company you’re acquiring have a handle on theirs? What’s theirs is now yours – and inheriting unknown cyber risk can put your organization in a vulnerable position. Forbes found that “More than a third (40%) of companies engaged in a merger and acquisition transaction said they discovered a cybersecurity problem during the post-acquisition integration of the acquired company.”
How’d you do? Whether you were able to answer every question with ease or found yourself stumped by a few, remember that continuously and accurately understanding an attack surface is no small task. Which is why more and more security leaders are recognizing that they can’t do it alone. Leading Exposure Management solutions, built on world-class data, give teams the automation, insights, and scalability they need to be able to understand and protect their evolving attack surfaces on an ongoing basis.
If our quiz got you thinking, we’d love to chat. Connect with our team to learn more about how an Exposure Management solution could support your cybersecurity efforts.