What is an attack surface?
by Emma Contreras
Similar to years prior, 2020 saw a continued trend of surging ransomware and cyberattacks. The increase in attacks affected all types of industries. However, the healthcare industry, in particular, took on the brunt of the attacks, in large part due to the coronavirus pandemic and a sudden shift to cloud-based telehealth services and remote work.
Despite the healthcare sector’s rapid pivot to secure protected health information (PHI) and other sensitive data as employees and patient services transitioned remotely, there are still many vulnerabilities that leave organizations open to attacks and exploitation.
One such vulnerability is the attack surface, which is the entire external-facing area of an organization that is vulnerable to hacking and other cyberattacks.
An attack surface is composed of all the access points that a hacker or other unauthorized person could use to enter a system. Once a hacker has discovered the vulnerabilities in your attack surface, they can access confidential data, plant spyware, or make a ransomware demand.
How do hackers exploit an attack surface?
Hackers gain access to an attack surface through attack vectors (also known as threat vectors). Think of each vector as a possible avenue for someone with ill intent to take advantage of.
Every healthcare organization has a unique situation. While no two organizations will have the same attack surface, they may share many of the same attack vectors that leave them open to threats.
Examples of common attack vectors include:
- APIs: If APIs are not secured properly with tokens, signatures, encryption, or other methods, they can put an organization at great risk.
- Weak or missing encryption protocols: When employees fail to follow protocol when sharing information, it opens the data up to theft.
- Compromised credentials: Weak, stolen, or shared usernames and passwords are an easy target for hackers. Organizations should ensure all passwords are strong and set up multi-factor authentication.
- Malicious insiders: Unhappy employees can pose a major threat to a network if they share access to the network with outsiders.
- Errors in system configuration: Flaws in system configuration, such as using default usernames and passwords or misconfigured apps and devices, serve as easy entry points for attackers.
- Email phishing attacks: Email is one of the weakest points of entry into a network. Human error often leads employees to inadvertently send sensitive data or fall prey to phishing attacks.
Other common attack vectors include unsecured public dev sites and expired web certificates.
All of the attack vectors mentioned above could have existed as threats to an attack surface in normal, pre-COVID times. Even before the pandemic started, it was both possible and likely that your healthcare organization had dozens, if not more, attack vectors within its network.
The same kinds of attack surface vulnerabilities exist today. However, the risk is significantly heightened when you factor in the rapid increase in remote work and telehealth services that the healthcare industry has experienced.
With many employees still working from home, it’s crucial that they realize that their home offices are also vulnerable, if not more vulnerable, to attack surface threats.
Whether it’s an employee using an office device for personal use or accidentally downloading private data to a personal device, the risk of an attack surface breach and subsequent loss of data is more pertinent than ever as cybercriminals adapt to exploit the current health crisis.
What happens when an attack surface has been breached?
Once a hacker has identified a vulnerable part of the attack surface and gained access through an attack vector, they can access information such as:
- Patients’ protected health information
- Financial records of the organization and its employees
- Employee records including Social Security Numbers, addresses, birth dates, and other data
Whether the hacker intends to destroy data, sell it, or hold it for ransom, the consequences of an attack are expensive in terms of both time and money.
How to reduce your attack surface
To reduce your organization’s attack surface and risk of hacking, conduct a thorough attack surface analysis to identify vulnerable access points and assess what information different users have access to.
Address the most vulnerable areas first and review the organization’s safety protocols and threat responses.
Implement the following techniques to reduce the attack surface of your organization’s network:
- Create strong user access protocols and password policies
- Segment your network with firewalls
- Implement strict multi-factor authentication policies
- Protect data backups
- Train employees on email security tactics and how to avoid phishing attacks
- Utilize HIPAA-compliant email to reduce email threats
- Regularly scan the network’s health
- Schedule regular maintenance for cleaning up expired certificates
- Remove out-of-date or unnecessary code
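An added example, not part of the original article: a small attack surface analysis in Python that checks a constructed asset inventory for several of the attack vectors listed earlier (unauthenticated APIs, default credentials, missing multi-factor authentication, expired certificates, public dev sites) and ranks assets so the most exposed are addressed first. The asset names, inventory fields, and weights are illustrative assumptions.

```python
from datetime import date

# Constructed sample inventory (not real systems); field names are assumptions.
INVENTORY = [
    {"name": "patient-portal", "public": True, "env": "prod",
     "auth": "password+mfa", "default_creds": False, "cert_expires": date(2021, 9, 1)},
    {"name": "billing-api", "public": True, "env": "prod",
     "auth": "none", "default_creds": False, "cert_expires": date(2021, 6, 1)},
    {"name": "dev-site", "public": True, "env": "dev",
     "auth": "password", "default_creds": True, "cert_expires": date(2020, 12, 15)},
    {"name": "hr-db", "public": False, "env": "prod",
     "auth": "password", "default_creds": False, "cert_expires": None},
]

# (finding label, weight, test). Weights are illustrative, not a standard.
CHECKS = [
    ("unauthenticated endpoint", 5, lambda a, t: a["auth"] == "none"),
    ("default credentials", 5, lambda a, t: a["default_creds"]),
    ("no multi-factor authentication", 3,
     lambda a, t: a["auth"] != "none" and "mfa" not in a["auth"]),
    ("expired certificate", 3,
     lambda a, t: a["cert_expires"] is not None and a["cert_expires"] < t),
    ("public dev site", 2, lambda a, t: a["public"] and a["env"] == "dev"),
]

def analyze(inventory, today):
    """Return [(score, asset name, [findings])], most exposed asset first."""
    report = []
    for asset in inventory:
        hits = [(label, w) for label, w, test in CHECKS if test(asset, today)]
        if not hits:
            continue  # nothing to fix on this asset
        score = sum(w for _, w in hits)
        # External-facing assets are reachable by anyone, so weight them double.
        if asset["public"]:
            score *= 2
        report.append((score, asset["name"], [label for label, _ in hits]))
    return sorted(report, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for score, name, findings in analyze(INVENTORY, date(2021, 1, 15)):
        print(f"{score:>3}  {name}: {', '.join(findings)}")
```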
Never underestimate the harm that can come from failing to reduce the attack surface of your organization’s systems. Multiple layers of security and various tools are needed to protect your organization and patient data from cybercriminals.
How Paubox Email Suite Plus can help
With Paubox Email Suite Plus, your organization can reduce one of the largest attack surface vectors that regularly threaten healthcare organizations: email.
As found consistently in our monthly HIPAA breach reports, email breaches are the most common breach type that puts patients’ PHI at risk. In addition to providing blanket outbound email encryption, Paubox Email Suite Plus’s inbound email security tools protect your employees from malicious hacking and phishing attacks.
Taking a smart and purposeful approach to email security is a great way to reduce the level of attack surface breaches and help employees avoid phishing attacks.