Attack surfaces and third-party remote access
At the beginning of 2018, experts in the cybersecurity field predicted that bad actors attacking surfaces would continue to be a huge trend. Along the same lines, it’s widely accepted that hackers will take the easiest route available to either breach data, place a form of malware on a network, or just cause disruption. When and if the path of least resistance is blocked, bad actors will work to find a new way to get in. In other words, bad actors are pretty quick on their feet when finding a new surface to attack when one path leads to a dead end. So, it is imperative to not have any paths on your network that could lead a hacker to sensitive information; this is easier said than done. However, to best understand how to protect yourself, first, it’s important to understand what an attack surface is and how the right secure remote access platform can safeguard your network from bad actors.
What is an attack surface?
Wired defines an attack surface as the total number of points or vectors through which an attacker can try to enter an environment or network. In terms of cybersecurity, this means how a bad actor could gain access to your network to either send, extract, or encrypt data through the holes they find in a network. TechTarget adds that every network interaction point allows for a potential network attack surface. In other words, an attack on a surface occurs when bad actors are able to find holes in a network which then allows them to cause disruption. This disruption can come in the forms of data breaches, ransomware, and more. With bad actors taking advantage of the access that an enterprise organization grants to a third-party, the bad actor will pick the surface that gets them onto a network the easiest. No matter which route the bad actor takes to get onto the network, as soon as they’re in they will cause mayhem.
Some of the most common attack surfaces are:
- Open ports on outward facing web servers
- Unsecured remote access
- Web forms and software
- Physical access
- Password retrieval (from carelessly discarded hardware or password sticky-notes).
Bad actors actively look for the most common surfaces to attack and regularly use the access granted to a third-party to get into the network. Without the right secure remote access that can protect a network's different access points, bad actors can and will take advantage of the sensitive information they can get their hands onto.
An attack surface example
One of the most notable ransomware attacks was the infamous City of Atlanta fiasco. According to Data Breach Today, whoever attacked Atlanta gained access to their system through a surface that led them to getting a hold of administration credentials. From there, the attacker was able to spread malware onto a server. In the Data Breach Today article, information security researcher Kevin Beaumont notes that Atlanta left RDP port 3389 and block port 445 open to the Internet. When Atlanta left the two ports open to the Internet, it was essentially an invitation for bad actors to get onto their network. As we know, Atlanta didn’t pay the ransom and the city is now expected to pay $2.6 million toward recovery. Without the right secure remote access platform to safeguard your network and sensitive information, you could be the next Atlanta.
Protect your surfaces
According to a survey IBM conducted with the help of IT professionals, 75 percent of respondents don’t have a formal plan in place if an attack happens while 66 percent were unsure if they could ever recover from an attack if one were to happen. This is an obvious issue among IT professionals, so what can we do to fix this? The first step is to start to catalog of all points of entry into your network. Prioritize which points present the greatest security vulnerability so that you can protect yourself as well as you can. Some of the best practices to implement, along with the first steps, according to security professionals include:
- Defining the attack surface of an application, which identifies all the entry points into the system as well as all the places data could be extracted.
- Mapping the network attack surface, which is similar to a picture view of all the points of entry.
- Measuring the attack surface by identifying high-risk areas, especially remote entry points.
- Managing the attack surface by prioritizing the highest risk areas and implementing solutions to plug gaps.
- Assessing and reassessing continuously.
Understanding your network’s exposure to the outside world and the possibility of a breach gives you a lot of valuable context and help. Along with that, it is widely known that it’s much easier for an attacker to find vulnerabilities in the defenses of a network that has a lot of data interfaces than a network that only has a few very controlled access points. Imprivata's secure remote access software offers the tools necessary to combat an attack surface, no matter the number of data interfaces and access points.
Get the right secure remote access software
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise Access has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink Customer Connect is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.