The idea of an attack surface is not new, but how organizations and CISOs need to view their attack surfaces should be updated. Traditionally, IT has looked at an organization’s attack surface from the inside out, asking questions like “What are the assets that connect to the wider internet?” and “Where is the perimeter that must be defended?”
CISOs should be looking from the outside in at their risk, asking questions like “Which assets in the cloud or belonging to supply chains are connected back to the company network?” and “How many of those assets are unknown?”
Download this guide to understand:
- The big risks to look out for
- How to measure success in an attack surface management plan