
Cyber Insights 2025: Attack Surface Management

January 21, 2025 – Published on SecurityWeek

SecurityWeek’s Cyber Insights 2025 gathers expert opinions on what to expect in Attack Surface Management in 2025.

While we have traditionally considered the attack surface to be a part of the overall IT infrastructure that can be treated and managed discretely, our view now is that the attack surface includes anything and everything a threat actor can target for exploitation.

One of the biggest remaining threats: BYOD.

“IT teams still see the trade-off in device procurement and maintenance cost as being worth it compared to the cost of securing the devices. Seeing this trend on the rise means more and more devices added to the attack surface of companies,” warns Dale Madden, attack simulation operations manager at GuidePoint Security.

But over the years, bring your own device has expanded into “do your own thing.” Technology has become easier to use and is often used by staff just to increase their efficiency. Standing up an S3 bucket without considering the security of the data or involving the security team is the classic example. Developers creating quick code, possibly using new low code/no code apps and perhaps adding unverified open source libraries could be another. And now, ready-made open source AI models can also be downloaded and used, often without corporate or adequate security oversight.
