Minimizing your company’s attack surface is key to cyber protection

Aug 09, 2024
Editor's note: This article originally appeared in the Wall Street Journal.

Businesses face growing risks from rapidly expanding digital footprints that increase the likelihood of cyberattacks. The fix requires a strategic shift away from legacy technologies to a zero trust solution that eliminates attack surface and brings additional benefits beyond data security.

A company’s attack surface is every point where an unauthorized person could potentially access a system. It includes websites, firewalls and VPNs, cloud-based applications, email, every internet-facing application, every employee device, weak or default passwords, misconfigured devices and even third-party vendors’ systems.

Securing attack surface

Remote working, digital transformations, the move to cloud computing, bring-your-own-device policies and the explosion of Internet of Things devices and operational technology have all accelerated attack surface growth, giving cybercriminals more options to infiltrate networks. Generative AI exacerbates the situation by simplifying the process of discovering and exploiting vulnerabilities.

The executive imperative

For executives, understanding the organization’s attack surface and actively taking steps to reduce it isn’t only about preventing breaches; it is essential for building long-term resilience and protecting an organization’s ability to operate, innovate and maintain customer trust.

The risks are not theoretical. This year, the Cybersecurity and Infrastructure Security Agency urged organizations to patch widely used firewall and VPN products to protect themselves against active attacks. Cybercriminals are targeting this part of the attack surface because of vulnerabilities that would allow direct access to the network.

IT departments, hampered by resource constraints, frequently don’t have visibility into the entire attack surface. The problem is made worse by shadow IT, which isn’t administered or authorized by the IT department.

Weaknesses are often exploited with devastating effect by ransomware groups that demand millions of dollars to unlock the files they encrypt. Payment is rarely the solution, as many incidents in recent months prove, and even with backups and first-rate incident response, the operational disruption can cripple a company for weeks, leading to massive losses and knock-on disruption for customers.

The question becomes not just how to defend digital assets today, but how to anticipate and secure the digital frontier of tomorrow. Experts recommend abandoning attempts to manage the ever-growing attack surface and instead radically reducing it by implementing a zero trust strategy.

Managing the expanding digital frontier

Platforms, such as Zscaler’s Zero Trust Exchange, minimize a company’s attack surface by making applications invisible to the internet. If bad actors cannot find the attack surface, they cannot go after private applications and resources.

A growing number of companies are doing just that. Office-based and remote workers, as well as entire branches and factories, can connect directly and securely to the internet, cloud-based storage, software-as-a-service applications and data centers, removing the need for firewalls and VPNs.

Users never need to access the corporate network, thus removing the threat of lateral movement—the methods hackers use to find the target data and achieve their aims in a compromised network. Business policies determine access to resources, and these policies can be tailored for specific teams or individual users.

The Zero Trust Exchange acts as a switchboard that sits between users and applications to direct traffic straight to where it needs to go, all the while checking that the connection is authorized. The approach is particularly effective for organizations with many IoT devices or operational technology. Zscaler allows these devices to securely access the internet to transmit and receive data, regardless of whether they are connecting via an official Wi-Fi connection or over the cellular network.

Eliminate the network by embracing zero trust

Rendering the majority of a company’s attack surface invisible with the Zero Trust Exchange is only one benefit. Operational costs decrease with fewer hardware devices to maintain, and the pressure on stretched IT resources is reduced. Fewer vulnerable products mean fewer fire drills that require patches to be installed at short notice. The number of alerts that need to be investigated also drops.

Businesses also become more agile: Scaling connectivity with a zero trust architecture is immediate, and deploying connectivity to new branches or factories takes hours instead of weeks.

Change will not come from the CIO and CISO alone; it needs to be driven by fully engaged C-suite leaders who seize the initiative for a more secure future.
