Modern enterprise attack surfaces are larger, more sprawling, and more complex than ever before – and it’s a trend that is not going to reverse itself any time soon. While some companies are calling employees back to the office, the fact remains that remote work locations have become – and will remain – an extension of corporate networks.
At the same time, additional external forces have impacted the size and complexity of enterprise attack surfaces. Whether it’s corporate layoffs leaving orphaned devices and other assets; new SEC rules that underscore the need – and demand accountability for – comprehensive, evidence-based intelligence on the assets, configurations, and security controls; or upcoming regulations like PCI DSS v4.0, the dynamics around the enterprise attack surface are continually changing.
One year ago, we issued our first State of the Cybersecurity Attack Surface report. That report exposed the fact that enterprises are struggling to get visibility into their IT assets. And more troublingly, that lack of visibility introduces security gaps and vulnerabilities. While enterprise attack surfaces and the dynamics surrounding them are in a perpetual state of flux, our data shows that there is one constant: the inability to really understand your attack surface is dangerous.
In our third State of the Cybersecurity Attack Surface report, which you can download here, we continue to see:
- Organizations struggle with many of the same issues they’ve been grappling with—they are blind to IT assets missing endpoint protection, patch management, and, as we now include in this report, vulnerability management.
- “Stale” IT assets continue to proliferate across corporate networks. Organizations are unnecessarily paying for unused licenses for these assets while facing budget cuts and economic challenges.
We also examine how small businesses are faring in their efforts to safeguard their attack surface. Faced with the choice of defending their IT environment themselves or partnering with a managed security service provider (MSSP), it’s evident that those MSSPs are there for a reason – they are very good at what they do.
Finally, the report identifies some ticking timebombs that introduce tremendous levels of unnecessary risk: devices banned by the United States government and end-of-life devices that no longer receive critical security updates from their vendors of origin. While neither is found on networks at an overwhelming volume, there are thousands of such devices lurking, creating an easy entry point for malicious actors.
Download the full report here. As the threat landscape continues to evolve, Sevco Security is committed to tracking the trends related to the cybersecurity attack surface. Schedule time with Sevco today to see how we can help your organization identify these gaps in your security coverage, stale licenses, and more.