Our glossary provides concise definitions of technical terms to assist with education.
A company's attack surface is a subset of its digital footprint: more specifically, the digital assets that are unknown to the IT, security or compliance department and therefore pose a higher security risk.
Attackers scan the ‘invisible’ footprint of a company, looking for systems that have vulnerabilities. Companies properly protect the assets they know about, but obviously cannot protect what they do not know exists. Vulnerabilities are most often found in unknown (shadow IT) or forgotten (orphaned IT) systems.
Attack surface management is a continuous process that starts by uncovering the ‘invisible’ digital footprint of a company. From there, unknown network and IT assets can be traced, security can be analysed and security risks can be identified and mitigated. The goal of attack surface management is to minimize the attack surface and make it more difficult for attackers to successfully compromise an organization's systems and data.
Companies that do not continuously search for uninventoried assets in their digital footprint run a substantially higher security risk. The IT and network asset landscape of a company continuously evolves, with systems and applications changing on a regular basis.
The digital footprint, or the online presence, of a company is made up of all public information that is digitally available on the internet or on social media. The ‘visible’ digital footprint consists of news coverage, ratings and reviews, blog posts, discussions in forums, etc. The ‘invisible’ digital footprint is composed of the network and IT assets of the company that are exposed to the internet, such as email addresses, domains and subdomains, software fingerprints, IP addresses, etc.
The visible and invisible digital footprint of companies evolves on a daily basis. Hackers track these changes, looking for ways to get in. They use data from the ‘visible’ footprint for social engineering and phishing attacks, and they look for unsecured assets in the ‘invisible’ footprint for spoofing, brute force, cross-site scripting (XSS) or clickjacking attacks.
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC is an email authentication protocol that gives email domain owners the ability to protect their domain from unauthorized use (email spoofing). The aim is to protect a domain from being used in business email compromise attacks, phishing, email scams or other cyber threats. DMARC allows a domain owner to understand where their legitimate email messages originate from and to be aware of any spoofing or phishing of their brands. Moreover, by applying the “quarantine” or “reject” policy in your DMARC setup you can prevent spoofed mail from even being delivered to the recipient’s mailbox. As an example, threat actors can spoof a domain to trick employees into sharing confidential information or downloading a malicious file attachment. Phishing emails are arriving with ever smarter baiting tactics. DMARC is therefore one of the three anti-phishing standards that together help maintain domain integrity: SPF, DKIM, and DMARC.
A domain that does not implement any form of DMARC policy exposes its recipients to possible phishing attacks and, unsurprisingly, 91% of all cyber attacks begin with a phishing email. Phishing and spoofing attacks against consumers are likely to occur when companies do not have published Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) policies in place.
DNSSEC stands for Domain Name System Security Extensions. It is a protocol for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not data availability or data confidentiality. It thus protects critical business data and embeds trust in the systems that employ DNSSEC. As an example, when a user browses to a certain website, the DNS, which acts like the phone book of the Internet where every domain name has its IP address listed, is asked for the site's IP address. In a cybersecurity context, the issue arises when a DNS server is malicious and gives the wrong IP address. When DNSSEC is enabled, the signed response gives assurance that the address returned is the genuine one.
DNS systems are continuously at risk of DNS hijacking, domain shadowing, DNS cache poisoning, man-in-the-middle (MITM) attacks, and DNS spoofing. In many cases, malicious parties can take advantage of the complexity of DNS management, which makes companies vulnerable.
Hijacked, spoofed, or corrupted DNS files are used to divert internet users and customers to fraudulent websites that can convincingly imitate a trusted enterprise brand.
HTTP response headers facilitate the communication between the client and the server by passing additional information along with an HTTP request or response. As an example, one of the most common ways a session is maintained is by sending a Set-Cookie HTTP response header to the browser. From then on, the only way the server knows which client/browser it is talking to is that the client/browser sends the same cookie value with each and every request made to the server.
Certain HTTP response headers, also known as HTTP security headers, can be of great help in preventing many kinds of common attacks, including cross-site scripting and clickjacking. In addition, they provide an additional layer of security for your web applications.
In the context of cyber hygiene, virus infections can mean ransomware, spyware or other types of malware which affect the proper functioning of a computer system. The impact on an organization can range from slow computers to disruption of business operations and reputational damage.
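As an added example (not part of this glossary), the following Python checks a captured HTTP response, constructed here for two hypothetical servers, for the security headers and Set-Cookie attributes discussed above, with a weak response and a hardened one side by side:

```python
"""Check an HTTP response's headers for missing security headers and weak session cookies."""
from typing import List, Tuple

# Constructed sample responses (not captured from a real server). The weak one sets a
# session cookie with no protective attributes and sends no security headers at all.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: SESSIONID=a1b2c3d4; Path=/\r\n"
    "\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Set-Cookie: SESSIONID=a1b2c3d4; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, value) pairs; the status line is skipped, repeats are kept."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    return [(n.strip().lower(), v.strip()) for n, v in (l.split(":", 1) for l in lines if ":" in l)]

def header_findings(raw: str) -> List[str]:
    """List missing security headers and weak session-cookie attributes (empty = hardened)."""
    headers = parse_headers(raw)
    values = {name: value for name, value in headers}
    findings = []
    if "strict-transport-security" not in values:
        findings.append("missing Strict-Transport-Security: browsers may fall back to plain HTTP")
    csp = values.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy: no browser-side limit on script sources (XSS)")
    if "x-frame-options" not in values and "frame-ancestors" not in csp:
        findings.append("page can be framed by any site: clickjacking is not prevented")
    if values.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    # Every Set-Cookie is checked separately; the session cookie is the case described above.
    for name, value in headers:
        if name == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
            for needed in ("secure", "httponly", "samesite"):
                if needed not in attrs:
                    findings.append(f"cookie {cookie} lacks {needed}")
    return findings
```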
A malware infection can cause many problems that affect daily operation and the long-term security of your company. Hackers use it to steal passwords, delete files and render computers inoperable.
In IT security an open port refers to either a TCP or UDP port number which is configured to accept data packets. In contrast, a port that rejects connections or ignores all data packets is a closed port.
Open ports are a security risk if services running on these ports are misconfigured, vulnerable, or unpatched.
Phishing is an attack technique used to psychologically manipulate potential victims into unknowingly taking harmful actions. Scammers launch thousands of phishing attacks every day, and they’re often successful.
Phishing is designed to trick users into giving up sensitive personal or business information that hackers can use to steal their identity, raid their bank accounts and more. Allowing phishing domains to exist can have a big impact on a brand’s reputation and a user’s perception of that brand’s security.
SPF stands for Sender Policy Framework, and it is an email authentication method designed to detect forged sender addresses in email exchanges. In combination with DMARC, SPF can detect forged senders in emails, a technique often used in phishing and email spam. As an example, SPF can prevent email spoofing and phishing. It does this by determining whether or not a sender is allowed to send on behalf of a domain. If the sender is not allowed (meaning the email fails the SPF check on the receiving server), the spam policy configured on that server determines what to do with the message.
Without an SPF record:
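As an added example covering both the DMARC and SPF entries above (not part of this glossary), the following Python audits constructed DMARC and SPF TXT records for hypothetical domains and reports why a record would still let spoofed mail through:

```python
"""Audit constructed DMARC and SPF TXT records for weak email-authentication posture."""
from typing import Dict, List, Optional

# Constructed sample TXT records for hypothetical domains (not real DNS data).
SAMPLE_RECORDS: Dict[str, str] = {
    "_dmarc.strong.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strong.example",
    "_dmarc.weak.example": "v=DMARC1; p=none",
    "strong.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailprovider.example -all",
    "weak.example": "v=spf1 ip4:198.51.100.10 +all",
}

def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict; {} if this is not a DMARC record."""
    tags = {k.strip().lower(): v.strip() for k, v in
            (p.split("=", 1) for p in record.split(";") if "=" in p)}
    return tags if tags.get("v") == "DMARC1" else {}

def dmarc_findings(record: Optional[str]) -> List[str]:
    """Explain why a DMARC record does not block spoofed mail (empty list = strong)."""
    if record is None:
        return ["no DMARC record: receivers apply no policy to spoofed mail"]
    tags = parse_dmarc(record)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'} only monitors; quarantine or reject blocks spoofing")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports of spoofing attempts are not collected")
    return findings

def spf_findings(record: Optional[str]) -> List[str]:
    """Explain why an SPF record lets unauthorized senders pass (empty list = strong)."""
    if record is None:
        return ["no SPF record: any host may send on behalf of this domain"]
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["TXT record is not a valid SPF record"]
    # The final 'all' mechanism decides what happens to senders not listed before it.
    all_term = next((t for t in terms[1:] if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        return ["no 'all' mechanism: unlisted senders get a neutral result"]
    if all_term in ("all", "+all"):
        return ["'+all' authorizes every sender and defeats the SPF check"]
    if all_term == "?all":
        return ["'?all' is neutral; prefer ~all (softfail) or -all (fail)"]
    return []

def audit_domain(domain: str, records: Dict[str, str]) -> Dict[str, List[str]]:
    """Run both checks for one domain using the TXT records in `records`."""
    return {"dmarc": dmarc_findings(records.get(f"_dmarc.{domain}")),
            "spf": spf_findings(records.get(domain))}
```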
SSL stands for Secure Sockets Layer. It has since been replaced by its successor, Transport Layer Security (TLS). The aim is to provide cryptographic protection, including privacy (confidentiality), integrity, and authenticity through the use of certificates, between two or more communicating computer applications. As an example, companies use SSL and transport layer security (TLS) to encrypt their internet communications. However, the encryption protocols secure all application data, both legitimate and malicious. What happens in these cases is that threat actors use SSL/TLS protocols as a tool to hide their attack payloads. A security device may be able to identify a cross-site scripting or SQL injection attack in plaintext, but if the same attack is encrypted using SSL/TLS, the attack will go through unless the traffic has been decrypted first for inspection.
If you do not have an SSL/TLS certificate on your website, then all the confidential information on your site might be accessed by hackers. This may lead to leakage of your customers' personal data, including payment details, which may be compromised.
Third-party security risk management is the process of evaluating and managing the security risks associated with using third-party vendors, partners, and service providers. These risks may include the potential for data breaches, unauthorized access to systems, or other security incidents that could compromise an organization's sensitive data or disrupt operations.
The risk of not assessing and managing third-party security risks is twofold. First, a supplier under attack may have to cease its operations, possibly impacting your business continuity. Second, using data obtained from a connected third party, hackers may find their way into your organisation. Over 60% of attacks originate from a known third party.
In IT security, a vulnerability is a weakness in a system or software that can be exploited by threat actors. Attackers exploit a vulnerability to gain unauthorized access, after which they can introduce malicious code, install malware and steal sensitive data.
A vulnerability is a weakness that, when exploited, can lead to data loss, information disclosure, or even a hacker gaining a permanent foothold inside your organisation.
Vulnerability management is the process of identifying, evaluating, and mitigating vulnerabilities in computer systems, networks, and applications. Vulnerabilities are weaknesses or flaws in a system that could be exploited by attackers to gain unauthorized access, steal sensitive data, or disrupt operations. Vulnerability management of the digital footprint of a company is a key component of attack surface management.
Software versions follow each other in rapid succession and hacking techniques are continuously evolving. As a result, companies that do not do proper vulnerability management on a continuous basis run substantially higher security risks.