6 Attack Surfaces You Must Protect

Greater connectivity and enhanced digital operations can deliver a number of business benefits, but they also create a broader, more dynamic environment to defend. Fortunately, about 98% of cyberattacks can be mitigated with basic security hygiene, according to the "Microsoft Digital Defense Report 2022."

Still, cyberthreats are getting more sophisticated and becoming more coordinated, making it even more important for organizations to secure their six main attack surfaces. Here's a look at each, including the central risks and where to focus effort and resources — along with one takeaway that links them all. 

Email Threats Abound

Phishing attacks grew by 61% from 2021 to 2022, while 35% of ransomware incidents involve the use of email, costing businesses approximately $2.4 billion in 2021 alone, according to the FBI. 

Along with URL checking and disabling macros, it's crucial to provide regular education to employees about how to spot ever-more realistic phishing email. As the quality of social engineering improves, everyone needs regular reminders of their role in protecting the enterprise.

A Broader Definition Of 'Identity'

Securing identity across the organization is essential to protecting access to your systems and data. Threat actors are getting more creative in circumventing multifactor authentication (MFA), with techniques such as adversary-in-the-middle phishing attacks and token abuse. Widely available phishing kits have made it even easier — and affordable — for threat actors to steal credentials. 

Cloud access, third-party accounts, and workload identities must also be protected. Workload identities, in particular, are often overlooked during permissions audits. Security teams should consider all of the potential meanings of "identity," both human and automated. 

Endpoints Provoke Concern

Managing an ever-growing array of endpoints complicates security further. On average, according to Microsoft's report, 3,500 connected devices in an enterprise are unprotected by an endpoint detection and response agent. 

Unmanaged or unpatched devices can not only be infected, but they can easily become avenues to compromise an organization. For servers, in particular, the subsequent access to user credentials and the network can quickly lead to IP theft and ransomware attacks. Prioritizing improved endpoint visibility and security hygiene is critical for defending against these threats.

IoT Devices Can Create Additional Vulnerabilities

By 2025, IDC expects more than 41 billion Internet of Things (IoT) devices across enterprise and consumer environments working alongside operational technology (OT). 

With many routers and networks now hardened against attacks, IoT devices are appealing targets for threat actors. In a Ponemon Institute study, 35% of respondents said an IoT device was the point of compromise, and many business devices are running outdated software with well-known vulnerabilities.

Greater IoT security is fast becoming recommended or required of manufacturers in the US and abroad. Greater visibility into every connected device is an absolute must. 

The Conundrum of Cloud

Whether single, hybrid or multicloud, cloud resources can pose a security challenge. Many organizations struggle to gain end-to-end visibility across their cloud ecosystems, which can lead to security gaps. Microsoft's research found that 84% of organizations that suffered ransomware attacks did not integrate their multicloud assets with their security tooling — a critical oversight. Also, cloud apps can present risks due to both misconfigurations and hidden, code-based vulnerabilities that could be mitigated from the start through security by design and default.

Closing identity and misconfiguration gaps — combined with robust tools for attack response — go a long way toward securing the whole cloud environment, from the corporate network to cloud services.

Exponential External Exposure

Today's external attack surface reaches far beyond an organization's own assets. Multiple clouds, digital supply chains, and third-party ecosystems make it hard to see the full scope of this exposure. In fact, a 2020 Ponemon report showed that 53% of organizations had at least one data breach caused by a third party in the previous two years.

Finding weak links in defenses often means thinking like threat actors: Since attackers look for the easiest way in, what are the most likely entrance points? Understanding what can be exploited across your external attack surface is the key to defending it.

All of these attack surfaces have something in common: Protection takes both visibility and awareness. Visibility can be achieved through tools and strategies, but awareness of oncoming risks requires accurate, timely threat intelligence. Knowing how seemingly unrelated events and signals can point to an imminent threat — and understanding where and how that threat can take advantage of the six main attack surfaces — gives security teams a crucial advantage in an ever-evolving risk environment. 

Read more Partner Perspectives from Microsoft Security.