Attack surfaces are the different endpoints, subsidiaries, business units, and devices that a hacker could go after.

For example:

We have a client who had a Japanese subsidiary that spun up a server for QA testing.

They used it for a couple of years and then forgot about it and stopped maintaining it.

But the server was still there. And the attackers found it and tried to use it to break into the client’s infrastructure.

Thankfully, we discovered it, alerted them, and the hack was thwarted.

That’s why it’s so important to know your attack surfaces because if you don't know it, you can’t protect it.

Here are 2 things to keep in mind while doing so:

1. Continuously rediscover how you appear to the adversaries:

If you only do it once in a blue moon, then your information becomes stale.

If you run a vulnerability assessment once a quarter, how do we know that tomorrow, a sleep-deprived IT admin is not going to misconfigure the system and get you hacked?

1. Turn data into actionable insights:

Just collecting a lot of data about attack surfaces is not good enough.

You need to know what to do with it: how to quantify it, measure it, and act on it.

That's where SecurityScorecards provides you the next level of sophistication over your attack surfaces.

Website:
https://securityscorecard.com

SecurityScorecard is the global leader in cybersecurity ratings and the only
service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

#cybersecurity #cyberrisk #cyberratings #linkedin