EXPOSED
The internet, the modern workplace, and their impact on attack surface
The modern workforce has resulted in an increase in users, devices, and applications existing outside of controlled networks, including corporate networks. As a result, the business emphasis on the “network” has decreased and the reliance on the internet as the connective tissue for businesses has increased.
Leveraging the internet as a means of connectivity has greatly benefited businesses in regard to scalability, reliability, and user experience. It makes it possible for healthcare providers to continue treating patients via Zoom and enables teachers to create a virtual learning environment for their students. While the internet has helped enable the modern workforce, we must remember that it is an untrusted network. The significant expansion of its use has led to a correspondingly sizable expansion in attack surface as remote workers and network access solutions have become a popular target for cybercriminals to exploit. In a recent survey, 94 percent of businesses said they are aware that cybercriminals are specifically targeting VPNs and other network-centric technologies to gain access to their corporate networks (2021 VPN Risk Report), resulting in attacks such as VPN exploits, Sodinokibi, and the recent HAFNIUM MSFT Exchange attacks.
To avoid becoming victims, IT leaders must eliminate areas of exposure and identify what resources are discoverable on the internet. For the 2021 “Exposed” Report, we analyzed 1,500 organizations’ visible attack surfaces to highlight and identify attack surface trends that are affecting businesses of all sizes across all geographies and industries. Our hope is that this report will raise awareness of companies’ attackable surface and ultimately compel organizations to take steps to reduce it.