Cybersecurity insights from industry experts.

The New External Attack Surface: 3 Elements Every Organization Should Monitor

In short, the global Internet is now part of your external attack surface. Here’s how to better protect your users and data.

Microsoft Security, Microsoft

December 5, 2022

4 Min Read
Global cyberattack around the world with planet Earth viewed from space and internet network communication under cyberattack
Source: NicoElNino via Alamy Stock Photo

In today’s landscape of cloud computing and decentralized work, external attack surfaces have grown to encompass multiple clouds, complex digital supply chains, and massive third-party ecosystems. For organizations, this means rethinking the way they approach comprehensive security in the face of ongoing global cyber threats.

Given this evolving reality, organizations should keep in mind some new, key considerations when assessing their attack surfaces.

The Global Attack Surface Grows With the Internet

Every minute, 117,298 hosts and 613 domains are created, leading to a rapidly expanding global attack surface that grows and scales over time. And cyber threats are growing at scale with the rest of the Internet, too.

In the first quarter of 2021, 611,877 unique phishing sites were detected, with 32 domain-infringement events and 375 new total threats that emerged per minute. These threats encouraged employees and customers to click malicious links so cybercriminals could phish for sensitive data. The result is that security teams now have to treat the Internet as part of their networks.

3 New Elements Foster a Hidden Attack Surface

Organizations need a complete view of their Internet assets and how those assets are connected to the global attack surface to adequately protect operations. But shadow IT, mergers and acquisitions (M&A), and digital supply chains can all block visibility.

When employee needs aren’t being met by their company’s current toolset, they’ll often look elsewhere for support through a process called shadow IT. Nearly one-third of employees reported using communication or collaboration tools that weren't explicitly approved, and this can be costly. As much as 50% of IT spending at large companies is devoted to shadow IT.

Critical business initiatives, like an M&A, can also expand external attack surfaces; overall, less than 10% of global deals contain cybersecurity due diligence. Large organizations often have thousands of active websites and publicly exposed assets, and their internal IT teams don’t always have a complete asset register of websites.

Finally, because enterprise business is so dependent on digital alliances in the modern supply chain, we’ve been left with a complicated web of third-party relationships outside the purview of security teams. Third-party attacks are one of the most frequent and effective vectors for threat actors, and many come through the digital supply chain. Among IT professionals, 70% reported having a moderate to high level of dependency on external entities, and 53% of organizations said they have experienced at least one data breach caused by a third party.

Apps in App Store Target Organizations and Their Customers

Each year, businesses are investing more in mobile to support the proliferation of mobile apps. Since 2016, the number of apps downloaded per year has increased by 63%. Consumers are getting in on the action, too. Mobile app spending grew to $170 billion in 2021, a 19% year-over-year growth.

This growing landscape represents a significant portion of an enterprise’s overall attack surface beyond the firewall. Threat actors often exploit security teams’ lack of visibility by creating rogue apps that mimic well-known brands and can be used to phish for sensitive information or upload malware. While these apps will appear in official stores on rare occasions, some less reputable stores are overrun. Microsoft blocklists a malicious mobile app every five minutes.

The Global Attack Surface Is Part of an Organization’s Attack Surface, Too

If you have an Internet presence, you are interconnected with everyone else — including those who want to do you harm. This makes tracking threat infrastructure just as important as tracking your own infrastructure.

Threat groups often recycle and share infrastructure — IPs, domains, and certificates — and use open source commodity tools, such as malware, phish kits, and C2 components, to avoid easy attribution. In the first half of 2022 alone, more than 270,000 new malware variants were detected — a 45% increase over the same period last year. This year, the number of detected malware variants rose by 75%.

While today’s security teams have a larger attack surface to protect, they also have more resources. Zero trust is one way for organizations to secure their workforce — protecting people, devices, applications, and data regardless of where they’re located or the threats they’re facing. Targeted evaluation tools can help you assess the zero-trust maturity stage of your organization.

Read more Partner Perspectives from Microsoft.

Read more about:

Partner Perspectives

About the Author(s)

Microsoft Security


Protect it all with Microsoft Security.

Microsoft offers simplified, comprehensive protection and expertise that eliminates security gaps so you can innovate and grow in a changing world. Our integrated security, compliance, and identity solutions work across platforms and cloud environments, providing protection without compromising productivity.

We help customers simplify the complex by prioritizing risks with unified management tools and strategic guidance created to maximize the human expertise inside your company. Our unparalleled AI is informed by trillions of signals so you can detect threats quickly, respond effectively, and fortify your security posture to stay ahead of ever-evolving threats.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights