A new report from global cybersecurity leader, Palo Alto Networks underscores that organisations in critical sectors such as insurance, pharmaceuticals, and manufacturing are seeing a relentless evolution in their attack surfaces, making them prime targets for cyber criminals exploiting AI-generated vulnerabilities.
The 2024 Unit 42 Attack Surface Threat Report shows that on average, an organisation’s attack surface introduces over 300 new services every month, accounting for nearly 32% of new high or critical cloud exposures. This rapid growth of new services without central oversight inevitably leads to misconfigurations and exposures, resulting in higher chances of a breach.
Organisations experienced 73% of high-risk exposures within IT and networking infrastructure, business operations applications, and remote access services, which can be exploited for lateral movement and data exfiltration.
Over 25% of exposures involve critical IT and networking infrastructure, including vulnerabilities in application-layer protocols and internet-accessible administrative login pages of routers, firewalls, VPNs, and other core networking and security appliances. Remote access services and business operation applications also constitute a significant portion of exposures, with each comprising over 23% of attack surface exposures.
The report also highlights the need for organisations to adopt AI-driven tools like Cortex Xpanse which provides continuous asset discovery and inventory. This capability is essential for maintaining complete visibility into the attack surface and reducing security risks.
Palo Alto Networks regional vice president for Australia and New Zealand, Steve Manley said, “Attackers are moving faster and more aggressively, leveraging AI to exploit even the smallest gaps in an organisation’s defence. Our report makes it clear that central oversight is essential to address today’s increasingly complex exposure landscape, which is why organisations and governments are turning to Attack Surface Management (ASM) practices to meet this need.
“We saw the importance of this recently, with the Australian government’s directives for all government agencies to adopt ASM policies, to gain complete visibility into their attack surface and reduce security risks. By maintaining continuous visibility into their internet-facing infrastructure, organisations can take a proactive approach to effectively manage and secure their attack surface.”
To secure attack surfaces effectively, maintaining persistent and comprehensive visibility across all assets, is essential for identifying and responding to risks such as high-profile vulnerabilities.
Monitoring for unsanctioned services or shadow IT is critical to differentiate between known and unknown assets. Prioritising remediation efforts on high-severity vulnerabilities, especially those that are internet-exposed, is also crucial.
Moreover, organisations should implement processes to address critical exposure risks in real time, optimise cloud configurations, and enforce secure data handling practices. Finally, staying informed about emerging threats and regularly reassessing the organisation’s attack surface are key strategies to mitigate risks.