Gartner 2022 security trend #1: Attack Surface Expansion

This past March, Gartner delivered a new report entitled “Top Trends in Cybersecurity 2022.” Available only to its clients, the report identifies seven important trends that it says are fundamentally transforming how CISOs need to think about cybersecurity and their role within their organizations.

Today, in the first of a series of seven Journey Notes articles, we’ll share our perspective on the first trend on Gartner’s list: Attack Surface Expansion.

A target-rich environment

Over the past several years, most organizations’ attack surfaces — that is, the totality of vectors that attackers can exploit to penetrate networks — have expanded dramatically.

The factors driving this expansion include:

  • Increased use of multiple cloud platforms and SaaS services. As organizations improve productivity and agility by migrating workloads to cloud services while also replacing on-prem, self-managed software with SaaS applications and services, they expose themselves to cyber risks that are not under their direct control. Any vulnerability in those platforms and services can be exploited to penetrate their customers’ networks.
  • Rapid expansion of outward-facing apps. By now it’s a truism that every company is an app-development company. To maintain a competitive position in nearly every industry, it’s critical to develop, deploy, and update apps that promote and simplify engagement with customers, vendors, partners, and others with maximum speed. Cybercriminals constantly monitor these outward-facing apps for vulnerabilities — which are more likely to occur in an accelerated DevOps environment.
  • Rapid growth of remote work. The COVID-19 pandemic drove a massive and sudden shift to remote work, and a majority of CISOs admit that at least some security was sacrificed in order to support the vast increase in the number of employees and other users accessing digital assets remotely on a routine basis. This included a dramatic increase in the number of connected devices, many of which are not part of any inventory known to the organization.
  • Growing DevOps dependence on outside, open-source code. The need to develop and deploy apps quickly has meant that DevOps teams are increasingly building third-party libraries, subroutines, and other executable code into their apps. Many of these elements are open-source, and in most cases the app calls and executes them only after loading on the client web browser. Any compromise in any of these elements can be exploited to launch so-called supply-chain or client-side attacks. And of course, the third-party developers creating these outside elements also leverage other outside elements into their work, creating a daisy-chain of third-to-Nth-party potential risk.
  • Growing use of social media and other customer-engagement channels. As increasing numbers of employees are tasked with interacting directly with customers and potential customers via publicly accessible channels such as social-media accounts, the possibility of unwittingly revealing information that can be used to create targeted phishing or other attacks also increases.

New strategic initiatives

Responding to attack surface expansion requires a new way of conceptualizing cybersecurity imperatives. There has to be a shift away from the traditional approach of defining a perimeter and then protecting everything within that perimeter — the inside-out perspective.

Instead, it’s necessary to view the attack surface from the outside in; in other words, to see all your potential vulnerabilities from the same point of view as attackers do. To support this approach, Gartner cites the emergence of a new set of top-level cybersecurity disciplines and capabilities:

  • Digital risk protection services (DRPS) is a blanket term for services that combine advanced analysis of real-time global threat intelligence with detailed assessment of specific risks to client organizations. This also includes recommendations for measures clients can take to mitigate specific risks.
  • External attack surface management (EASM) refers to the practice of discovering all external-facing digital assets — such as web apps, APIs, and portals — monitoring them for vulnerabilities, and actively managing those vulnerabilities to reduce risk.
  • Cyber asset attack surface management (CAASM) is closely related to EASM, but its focus is primarily on consolidating information about internal and external cyber assets in order to give security teams actionable visibility into their entire attack surface.
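The EASM and CAASM disciplines above both come down to the same reconciliation step: merge what outside-in discovery sources can see with what the organization believes it owns, then flag the gaps. The following Python example, added here and not code from Barracuda, Gartner or any EASM product, shows that step on constructed data. The hostnames, discovery sources, ports and certificate dates are all made up, and the list of "unexpected" ports is an assumed local policy rather than a standard.

```python
"""Reconcile externally observed assets against the internal asset inventory.

Added example, not the article's or any vendor's code. Every hostname,
discovery source, port and date below is constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Ports a defender would not expect to see open on a public-facing host.
# Assumption: the organization's own exposure policy defines this set.
UNEXPECTED_PORTS = {22, 3389, 5432}


@dataclass(frozen=True)
class Observation:
    hostname: str                # hostname as reported by the discovery source
    source: str                  # e.g. "dns", "cert-log", "scan" (constructed labels)
    open_ports: frozenset        # ports seen open on this host by that source
    cert_expiry: Optional[date]  # TLS certificate expiry, if a certificate was seen


def reconcile(inventory, observations, today, expiry_window_days=30):
    """Return shadow assets (seen but not in inventory), inventory entries no
    source can see, and per-host findings worth a ticket."""
    # Merge observations per normalized hostname across all discovery sources.
    seen = defaultdict(lambda: {"sources": set(), "ports": set(), "expiry": None})
    for obs in observations:
        entry = seen[obs.hostname.lower().rstrip(".")]
        entry["sources"].add(obs.source)
        entry["ports"] |= obs.open_ports
        # Keep the earliest expiry seen; that is the one that bites first.
        if obs.cert_expiry and (entry["expiry"] is None or obs.cert_expiry < entry["expiry"]):
            entry["expiry"] = obs.cert_expiry

    known = {h.lower().rstrip(".") for h in inventory}
    unknown = sorted(set(seen) - known)   # outside-in view sees it, inventory does not
    unseen = sorted(known - set(seen))    # inventory lists it, no source can find it

    findings = {}
    for host, entry in seen.items():
        issues = []
        bad_ports = sorted(entry["ports"] & UNEXPECTED_PORTS)
        if bad_ports:
            issues.append(f"unexpected ports exposed: {bad_ports}")
        exp = entry["expiry"]
        if exp is not None:
            if exp < today:
                issues.append(f"certificate expired on {exp.isoformat()}")
            elif exp - today <= timedelta(days=expiry_window_days):
                issues.append(f"certificate expires on {exp.isoformat()}")
        if issues:
            findings[host] = issues
    return {"unknown": unknown, "unseen": unseen, "findings": findings}


# Constructed sample data: what the organization thinks it owns ...
INVENTORY = {"www.example.com", "api.example.com", "portal.example.com", "legacy.example.com"}
TODAY = date(2022, 6, 1)
# ... and what several outside-in discovery sources actually reported.
OBSERVED = [
    Observation("www.example.com", "dns", frozenset({80, 443}), date(2023, 1, 15)),
    Observation("www.example.com", "cert-log", frozenset(), date(2023, 1, 15)),
    Observation("api.example.com", "scan", frozenset({443, 22}), date(2022, 6, 20)),
    Observation("Portal.example.com.", "dns", frozenset({443}), date(2022, 4, 30)),
    Observation("dev-test.example.com", "cert-log", frozenset({443, 5432}), date(2022, 12, 1)),
]


def run_report(inventory=INVENTORY, observations=OBSERVED, today=TODAY):
    """Run the reconciliation on the constructed sample data."""
    return reconcile(inventory, observations, today)


if __name__ == "__main__":
    report = run_report()
    print("shadow assets (not in inventory):", report["unknown"])
    print("inventory entries no source can see:", report["unseen"])
    for host, issues in report["findings"].items():
        print(host, "->", "; ".join(issues))
```

On the sample data the report flags dev-test.example.com as a shadow asset, notes that legacy.example.com exists only on paper, and raises findings for the exposed SSH port and soon-expiring certificate on api.example.com and the already-expired certificate on portal.example.com. The point of the design is that each discovery source contributes a partial view and the inventory is treated as a claim to be verified, not as ground truth, which is the outside-in perspective the article describes.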

Rethinking the CISO’s role

As we examine further trends from Gartner’s report in future articles, we will also revisit the question of how the role of the CISO is being forced to evolve and change. But already it should be clear from the above that CISOs can no longer think of themselves as subject-matter experts performing a single, centralized cybersecurity function. The attack surface is simply too vast for that.

Instead, CISOs need to think of themselves as executive risk managers, empowering many others within the organization to make informed risk decisions.
