The COVID-19 global pandemic that has necessitated restriction in the movement has forced organizations and businesses to overhaul their digital infrastructure to allow for remote working. Whereas this has enabled organizations to continue with their operations, it has expanded their attack surface multi-fold. Remote working usually involves employees using their private networks and personal laptops to access their workplace’s corporate network. And private networks and IT-related hardware are known to be vulnerable to malware and other harmful internet programs due to their weak level of cybersecurity. This has created simple and readily accessible entry points for cybercriminals targeting corporate data and systems. Thus, attack surface management has become more than ever crucial for organizations.
Therefore, organizations trying to achieve attack surface reduction now need to take into account the additional risks brought onto by the remote workforce and their personal devices that are not in the purview of your organization’s security measures. To get you started, here are the top three risks posed by remote working:
- Lack of Attack Surface Visibility for assets getting uploaded on the corporate network from home – Working from home is challenging due to the pressure of trying to have a balance between personal work and work-related. And for cybersecurity employees working from home, it is very challenging to keep up with all assets uploaded on and connected to your organization’s corporate network. Sometimes files or devices with vulnerable entry points can be uploaded on – and connected to – the network respectively.
- Risks from third party vendors – For organizations that have no comprehensive plan that restricts employees to its approved software and services, remote working means these employees are given some sort of freedom to choose their preferred third-party software and services to carry out work-related tasks. This practice, widely known as shadow IT, poses a great risk of expanding the attack surface for cybercriminals.
- Accidental data exposure –Working from home means mixing personal and work functions, together with devices. For instance, using a personal computer to access and store work-related data. Working from home also means there is a probability that you will leave your work-related assets exposed to the people around you, both intentionally and otherwise. Exposed work-related assets are under huge risks since they might fall into the hands of bad guys.It is therefore imperative that organizations take it very seriously the risks posed by the practice of working from home. Carry out a thorough attack surface analysis and attack surface mapping to identify all the risks posed by new assets added from home. Additionally, utilize ASM tools to put in place measures to reduce and address the attack surface introduced by this “new normal” of working remotely.
(Free Tests for Attack Surface Discovery During COVID 19)
FireCompass helps in attack surface reduction by indexing the entire global internet, including the deep, dark and surface web to discover the unknown attack surface of an organization which is exposed on the internet. It creates an asset inventory of all your publicly exposed applications & services which is stored in FireCompass proprietary Big Data Platform. We query our big-data platform using our proprietary AI and ML based algorithms rendering the results (Shadow IT, Digital Foot print & 3rd Party Vendor Risks) in near real-time.
It has following use cases –
- Unknown Asset Discovery (Create your Asset Inventory of all your publicly exposed applications & services)
- Darkweb Exposure (Leaked credentials, Credit Cards, PII, passwords..etc)
- 3rd/4th Party Risk Management (Manage third & fourth party risks to assess the security posture and prevent data breaches)