Protecting Against Cyber Threats in the Age of Generative AI

Image Credit: Mvelishchuk/BigStockPhoto.com

In recent years, businesses have increasingly relied on third-party cloud platforms and providers to host their IT applications and services. This shift, primarily driven by the need for enhanced security and scalability, has seen critical security tools like antivirus software, intrusion detection systems, and VPNs migrate to cloud environments.

While this move offers undeniable advantages, it also presents new challenges - especially regarding cybersecurity. Breaching a central tool like Okta, LastPass, or SolarWinds, for example, can give cybercriminals access to a multitude of customers, amplifying the potential impact of an attack.

One of the key concerns here is the expanded attack surface that cloud platforms represent.

Why expanding businesses are vulnerable to attack surface expansion

An attack surface is the collective sum of all potential entry points an attacker can exploit to gain unauthorized access to an environment, system, or infrastructure. When there is an increase in the complexity and/or number of these potential entry points, it is referred to as an attack surface expansion.

Several factors can contribute to an attack surface expansion, including:

  • New ports in the firewall, which enable third-party communications
  • Adding additional remote workers to the workforce
  • A lack of security hygiene, which might include writing insecure code, continuing to use outdated software, or failing to seal up similar vulnerabilities
  • Creating additional endpoints for a web application; for example, exposing an unsecured endpoint that enables vendors to generate data within the system
  • Adding new software or hardware systems, such as a new cloud-based platform designed to enhance business intelligence
  • Expanding the business through new data centers, or opening new branches
  • Expanding digital transformation ventures, which could include a cloud platform migration

Although these changes raise security concerns, all of them except poor security hygiene are essential for businesses to grow. They are necessary for organizations to scale, but each is also a potential liability for the attack surface.

To guarantee their security, companies must ensure that the growth of their infrastructure doesn’t lead to an increased attack surface by proactively improving and/or maintaining their security posture. When an organization integrates a new cloud platform into an existing on-premise infrastructure, for example, it should continually educate employees about the risks of cloud computing, such as security breaches and data loss. It should also consistently review any applications for misconfigurations that could lead to security vulnerabilities.

Why attack surface expansion can be problematic

An organization with an expanding attack surface can face several implications, such as the following:

  • Increased complexity - An expanding attack surface can also increase complexity - especially if the company’s infrastructure spans numerous cloud and on-premise environments. The more complicated a system becomes, the harder it can be to secure and maintain.
  • Increased risk of cyberattacks - The larger an attack surface becomes, the more avenues it offers attackers to exploit system vulnerabilities. For example, adding an AWS Lambda function to a company’s infrastructure without ensuring the proper IAM policy is in place to keep it secure can allow attackers to exploit the misconfiguration and then infiltrate the organization’s network.
  • Increased security and maintenance costs - When the proper steps are not taken to proactively minimize an attack surface, the overall costs associated with maintenance and security can be monumental. Potential costs may include the additional resources necessary to ensure the security of the expanded attack surface or to resolve any vulnerabilities that can be exploited.
  • Decreased agility - An organization’s overall agility and speed to market can also decrease alongside an attack surface expansion. The additional complexities and security costs associated with this kind of growth can slow the company’s innovation by making it more risk-averse, potentially leading to missed opportunities.

New security concerns raised by the rise of generative AI

The rise of generative AI has further complicated matters, enabling sophisticated social engineering attacks that can deceive even the most vigilant security measures.

If not properly trained and monitored, generative models can unintentionally create incorrect, biased or even harmful content that poses serious security dangers.

Because deep learning models also lack transparency into their decision-making processes, validating and verifying their overarching reliability is more complicated than for rules-based models.

If attackers find backdoors or other ways to trick the models, they can potentially poison the system and trigger unintended outcomes by manipulating training data or the model itself.

As businesses rush to leverage generative AI's capabilities to gain competitive advantages, they must simultaneously navigate these significant security and privacy concerns carefully. Deploying large language models (LLMs) on cloud platforms requires feeding them sensitive data, which raises the stakes for protecting against potential breaches.

This is why the new vulnerabilities that AI systems present, compared with traditional security tools, cannot be overlooked - and why onboarding generative AI too quickly, without carefully weighing these risks, can lead to ethical, legal, and/or security issues.

Organizations that are eager to tap into generative AI’s potential must first ensure they are also ready to employ red teaming, data quality monitoring, governance frameworks, stringent model evaluation, and explainability methods.

Author

Adam Sandman is the CEO and founder of Inflectra. He’s responsible for product strategy, technology innovation, and business development. Prior to founding Inflectra, Sandman worked as a director for Sapient Government Services, where he was in charge of development with the U.S. Marine Corps and other government agencies.