SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
DDoS
#
WFH
The most common attack surface trends by company location, size, and industry
Tue, 22nd Jun 2021
FYI, this story is more than a year old
Author image
By Ryan Morris-Reade, Contributor
Follow us

A new report identifies the most common attack surface trends by geography and company size and highlights industries most vulnerable to public cloud exposure, malware, ransomware, and data breaches.

Cloud security company, Zscaler, has announced the release of Exposed, its global report on the state of corporate attack surfaces. The report is based on data sourced between February 2020 and April 2021 and offers a unique look into the scope of impact of attack surface exposure during the COVID-19 pandemic.

Zscaler finds that as businesses began offering more remote work opportunities, their attack surfaces grow simultaneously with their decentralised workforce. When combined with increased reliance on public cloud services and vulnerable enterprise VPNs, large organisations not using zero trust security become more vulnerable to network intrusion attacks.

“The sheer amount of information being shared today is concerning because it's all essentially an attack surface,” says Zscaler vice president of emerging technology, Nathan Howe.

“Anything that can be accessed can be exploited by unauthorised or malicious users, creating new risks for businesses that don't have complete awareness and control of their network exposure. Our goal with this report is to provide a view of what the internet sees of a company's information landscape and offer useful tips on how to mitigate risk.

He says by understanding their individual attack surfaces and deploying appropriate security measures, including zero trust architecture, companies can better protect their application infrastructure from recurring vulnerabilities that allow attackers to steal data, sabotage systems, or hold networks hostage for ransom.

Although attack surface vulnerabilities impact organisations of all sizes, major international companies with more than 20,000 employees are more vulnerable due to their distributed workforce, infrastructure, and a greater number of applications needing to be managed.

In order to get a better grasp of the scale of the problem, Zscaler analysed organisations in all geographies, grouping the findings from 53 countries into three regions, the Americas, EMEA, and APAC.
 
The report also tracked corporate attack surfaces by industry, identifying what types of organisations are most likely to be targeted by cybercriminals. To do this they analysed a diverse group of companies, spanning 23 different industries, and discovered that telecommunications organisations were the most vulnerable and had the highest average number of outdated protocols in their servers.

Telecom companies had the third-highest average of exposed servers to the internet, increasing the risk of being targeted by cybercriminals for DDoS and double extortion ransomware attacks.

The hospitality industry, including restaurants, bars, and food service vendors, had the highest average of exposed servers and public cloud instances, with AWS instances exposed 2.9x more often than any other cloud providers.

With the COVID-19 pandemic pushing many restaurants to offer online ordering, the rapid adoption of digital payment systems has increased risks for both businesses and customers.

Three Steps to Reduce an Attack Surface
Although no approach will be completely effective, Zscaler recommends the following tips for minimising corporate network risks:

  • Gain visibility into your risk of exposure: Knowing your visible attack surface is key to effective risk mitigation. 
  • Recognise the shortcomings of VPNs and firewalls: Stay current with the latest updates to the CVE database. Be sure to remove support for older TLS versions from servers to reduce risk.
  • Make apps invisible to threats with zero-trust: Applications protected behind zero-trust frameworks are not visible or discoverable, thus removing an attack surface. 
  •  


Related stories
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Cisco launches Hypershield for AI-driven security upgrade
Axis unveils hybrid cloud platform for adaptable security solutions
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models