It’s often said that people are the biggest threat to cybersecurity, and while it’s true it’s often through targeting individuals that hackers can gain access to networks, the improvements in training and awareness have reduced those risks. Instead, the growing threat has shifted toward older and forgotten servers, devices, and software, which IT may have lost track of or otherwise lack the resources to monitor, according to an article in Help Net Security.
The explosion in Internet enabled devices hasn’t helped either, as remote and cloud-based computing has greatly increased the attack surfaces which each organization must defend. And when significant new vulnerabilities are found, IT and cybersecurity departments can face challenges even identifying all the devices and services that may require update. On the other side, much like with phishing attacks in previous years, hackers can use a set of automated tools to track down these exposed devices and exploit them.
With people now knowing what to look for in phishing attacks, IT and cybersecurity teams need to work together to properly inventory their company’s Internet-connected devices to ensure they’re properly included in cybersecurity plans, so that when the next critical vulnerability is identified they can act before hackers can.
Source:
https://www.helpnetsecurity.com/2023/04/13/securing-attack-surface/
