International Cyber Expo International Cyber Expo
  • About Us
Friday, 17 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Defending your ever-changing attack surface

By Tamara Kirchleitner, Security Operations Analyst at Centripetal

by The Gurus
June 17, 2024
in Insight, Opinions & Analysis
Centripetal Expands Portfolio with DNS Offering
Share on FacebookShare on Twitter

The very elements crucial for a business’s functionality and prosperity are also its greatest vulnerabilities from a cybersecurity standpoint. Emails, files, remote/hybrid work setups, and various devices and tools streamline business operations but also pose significant cybersecurity risks. These areas, where external factors come into play, are the least secure, representing vulnerabilities in your organisation’s attack surface.. Adding to the complexity, this surface is constantly changing, evolving with your business and the environment in which you operate. 

Defining an attack surface 

Simply put, an attack surface encompasses all vulnerabilities that can be exploited by attackers to enter a network. This includes physical vulnerabilities, such as a USB port where someone could plug in a malicious USB stick while an employee is away from their computer. It also includes network vulnerabilities, like open or unprotected ports, unpatched software, and avenues for phishing or social engineering attacks. 

Attack Surface Hotspots 

Typically, the attack surface hotspots within your IT infrastructure tend to be where end users interact with it, as these portions of the network, by design, must remain more open so as to not hinder functionality. 

Therefore, keeping open access to internet browsing for employees in most roles (such as those working or studying in educational institutions, to give just one example) is acceptable and encouraged, because of the net positives it creates. However, if individuals are browsing the web unimpeded, they run the risk of clicking on a malicious link – particularly without the right training or controls in place. 

Front-facing content such as an organisation’s website is another potential place where organisations remain vulnerable on the attack surface, as malicious activity deployed here (such as malvertising) could cast a wide net in terms of potential victims. 

Vertical and size challenges 

Managing the attack surface appropriately will vary from vertical to vertical, and depending on the size of your business. Larger businesses by nature of multiple sites, departments, and a general diversity of business activity will naturally have a more complex attack surface. 

In industries like financial services, the ability to access fast and flexible digital transactions, especially given the global nature of commerce, can determine the success or failure of a business. However, this necessary flexibility may come at the expense of security, in a vertical which is consistently ranked top (or close to top) in terms of the most targeted sectors. 

This speaks to a wider issue, regarding the security supply chain. Industries such as financial services have effectively needed to redesign their entire business structures in order to keep up with the pace of digitalisation. While financial services have managed to do this effectively and for the most part safely, other industries may not be as successful in managing a rapidly changing attack surface. Organisations involved in manufacturing for example may be working across legacy equipment, created for a manufacturing environment which in many cases predates the Internet completely. Now, as they digitalise, their attack surface has changed beyond all recognition, and if they have failed to secure it, then they leave themselves open to serious cybersecurity incidents. 

An intelligence-powered solution 

The core advice for protecting the attack surface remains simple: Consider security from the very beginning. Ensure that everything in your network is angled toward reducing the available attack surface as much as possible, without impeding business function. 

Where there is necessary risk in order to support wider activity, ensure that this risk is minimised. This can be done by ensuring that security awareness training programs are in place, vulnerabilities are regularly scanned for, and that patches are regularly and rigorously applied. Leveraging relevant threat intelligence is crucial to enhancing your security team’s ability to thwart malicious activities that may target your attack surface. Given that many cyber incidents are fueled by readily accessible intelligence, a comprehensive understanding of threat intelligence is a critical advantage.

ShareTweet
Previous Post

Why ransomware is still important to business resilience

Next Post

Salt Security Survey Reveals 95% of Respondents Experienced API Security Problems in Past Year

Recent News

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol