FINAL WORD
Nathan Howe , Vice President , Emerging Technology at Zscaler
Top exposed industries
In addition to presenting geographic data , the report tracked corporate attack surfaces by industry , pinpointing the types of organizations most likely to be targeted by cybercriminals . The report analyzed a diverse group of companies , spanning 23 different industries , and found that telecommunications organizations were the most vulnerable and had the highest average number of outdated protocols in their servers .
Telecom companies had the third highest average of exposed servers to the Internet , increasing the risk of being targeted by cybercriminals for DDoS and double extortion ransomware attacks .
The report also showed that the hospitality industry – including restaurants , bars and food service vendors – had the highest average of exposed servers and public cloud instances ; with AWS instances exposed 2.9 times more often than any other cloud providers . With the COVID-19 pandemic pushing many restaurants to offer online ordering , the rapid adoption of digital payment systems has increased risks for both businesses and customers .
Three steps to reduce an attack surface
With the number of cyberattacks increasing daily , business IT teams must minimize their attack surface as part of an overall organizational security policy .
Without comprehensive security measures , such as a zero-trust model , Digital Transformation initiatives and cloud migration efforts can also create new vectors of attack and threaten Business Continuity , professional reputation and employee safety .
Although no approach will be completely effective , Zscaler recommends the following tips for minimizing corporate network risks :
• Get visibility into your risk of exposure : Knowing your visible attack surface is key to effective risk mitigation . As more and more applications move to the cloud , it becomes mission-critical to be aware of entry points that are exposed to the Internet . Remember , you can ’ t attack what you can ’ t see .
• Recognize the failings of VPNs and firewalls : In the age of cloud and mobility , these perimeterbased technologies significantly increase your attack surface . Stay current with the latest updates to the CVE database . Be sure to remove support for older TLS versions from servers to reduce risk .
• Make apps invisible to threats with Zero Trust : Applications protected behind the Zscaler Zero Trust Exchange are not visible or discoverable , thus removing an attack surface . The Zero Trust Exchange helps IT security teams ensure that no entity ( user or application ) is inherently trusted , while helping improve user productivity , mitigate risk , increase business agility and reduce cost and complexity . p
84 INTELLIGENTCIO APAC www . intelligentcio . com