The changing attack surface
In which corner does the danger lie? Control the continuously expanding attack surface
Accessible experts
Our Dutch experts are available 24/7 and can take immediate action for you in the event of a threat.
Grip on the attack surface
Organizations are growing in employees, systems and data. More automation is being done and more and more data is being exchanged to optimize processes. For example, maintenance can be focused more quickly and better, patients can be treated more adequately and the service level to customers can be increased.
The downside of these modern times is that your organization's attack surface is growing very fast. Where not so long ago, the employee mainly worked in the office and many systems were not yet connected to the internet, the situation is different these days! Employees work at different locations, all kinds of smart IoT and OT devices help optimize processes, and thanks to APIs, data exchange takes place between a multitude of systems, both within an organization and between organizations.
In short, all these developments mean that your organization's attack surface is rapidly increasing.
The anatomy of an attack surface
Technics
Systems, applications and data are often aimed at optimizing processes and/or making employees work more effectively. Having insight into all these possible assets is important, only then can you ensure that, for example, timely patching or monitoring of what happens. This not only applies to your IT environment, but also to your IoT devices and OT environment. For example, do you know which of your suppliers has access to your network and systems?
physical
Your employees attach great importance to customer friendliness. However, a healthy level of suspicion is sometimes appropriate. It is important to also pay attention to physical elements when it comes to cybersecurity. Which people walk into the building with your employees? What happens to found USB sticks? When it comes to cybersecurity, people often only think of digital ways and means. Bad actors also use physical opportunities!
time
It's important to realize that knowledge ages over time. If you do nothing, the knowledge you have today will be worth less or nothing in a while. It therefore takes a constant effort to ensure that 'unknown unknowns' turn into 'known unknowns' and eventually become 'known knowns'. Take action by gaining more and more knowledge about your attack surface.
What does the attack surface consist of?
Malicious people do not sit still; they are constantly looking at how they can get into an organization. For example, by seeing if there are new vulnerabilities that can be exploited, whether there are configuration errors that can be exploited, or whether there may be employees they can trick into revealing data.
The use of AI ensures that a phishing email is almost indistinguishable from the real thing. The amount of software updates that are published weekly is overwhelming for many organizations, and with employees working remotely, it is almost impossible for IT departments to control what is connected to the corporate network.
With the arrival of NIS2, cybersecurity is now more than ever a topic for the board table. We'll help you get a grip on the ever-growing attack surface.
Get insight and control over the unknown: Know the unknowns
When mapping an organization's attack surface, it often happens that unknown devices, APIs, or accounts are in use. To reduce the risk of a cyber incident, it's essential to know which assets are owned by your organization. You can manage the assets that are known to your organization. You can determine whether they are vulnerable, whether they are running the correct software version and whether ports are not unnecessarily open with the outside world. In other words: you know these assets, you have insight and control over them.
Also, realize that there are always things you don't know (yet), the unknown unknowns. You want to gain insight into issues that are happening outside your organization, but that can have an impact on your organization. Think of lookalike domains that are registered, or datasets with usage data that are traded on the darknet. These things also affect your organization's attack surface. The trick is to be able to respond quickly and effectively as soon as you know these unknowns. In other words; make the unknown unknowns, known knowns.
the vision paper 'the changing attack surface'
Download the vision paper and learn how to control the rapidly changing attack surface.
Discover the latest publications
Trusted by leading organizations in the Netherlands
Nice to meet you, we are Tesorion
Tesorion is a Dutch, multidisciplinary cybersecurity service provider. We combat cybercrime and minimize business risks. Tesorion protects your organization 24/7 thanks to our technology and more than 100 experts.
