Organizations are wrestling with a pressing concern: the speed at which they respond to and contain data breaches falls short of the escalating security threats they face. An effective attack surface management (ASM) solution can change this.

According to the Cost of a Data Breach 2023 Report by IBM, the average cost of a data breach reached a record high of USD 4.45 million this year. What’s more, it took 277 days to identify and contain a data breach.

With cybercriminals evolving the sophistication of their attack tactics, there is an increasing need to speed up detection, response, and neutralization of security breaches.

The role of attack surface management in data breach containment 

Despite employing an arsenal of cybersecurity measures to protect sensitive data, many organizations find themselves in a relentless race against time, as they strive to bridge the gap between the moment a data breach occurs and when it is effectively contained. As data leaks on the dark web continue to make headlines, organizations face heightened pressure to reinforce their breach containment strategies. 

Incorporating an effective attack surface management tool into your security strategy can significantly help you mitigate the risks of data breaches. In fact, according to the Cost of a Data Breach study, organizations that deployed an ASM solution were able to identify and contain data breaches in 75% of the time of those without ASM. The breach containment was also 83 days faster for organizations with ASM than those without.

Figure 1 — Comparison of the mean time to identify and contain a data breach for organizations with and without an attack surface management solution

5 ways IBM Security Randori Recon helps build resilience to data breaches

Businesses can proactively reduce their vulnerabilities to a range of cyberattacks like ransomware, malware, phishing, compromised credentials (resulting from poor password policies) and unauthorized access, employed by hackers. They can achieve this by actively managing and reducing their attack surface. IBM Security® Randori Recon, an ASM solution performs an important role in your data protection strategy.

1. Finding unmanaged systems and high-value assets

Shadow IT and orphaned IT hide more workloads, servers, applications, and other assets from security teams than they know. Because hackers don’t limit their surveillance efforts to what’s in your inventory, these unknown assets put you at risk.

To help you find and secure high-value assets that are most tempting for attacks, Randori Recon identifies your organizational exposures in a high-fidelity and low-impact manner, keeping false positives under control and reducing alert fatigue.

Figure 2 — Defending the US Open digital platforms starts months before the tournament begins

The US Open, one of the most highly attended sporting events in the world, leverages the IBM Security Randori Recon solution to defend their digital platforms—which are on the receiving end of more than 40 million security incidents over the course of the tournament. Using Randori, the team conducts a comprehensive attack surface analysis, scanning the entire network for vulnerabilities, including third-party or adjacent networks. Following this security reconnaissance, Randori then ranks those vulnerabilities by their attractiveness to hackers, allowing the team to prioritize its response.

2. Identifying exploitable vulnerabilities and misconfigurations

Poor visibility into your external risk posture can prolong your attack remediation process. Finding misconfigured management panels, expired access permissions, and other unexpected vulnerabilities can be impossible with manual processes.  

Automated ASM tools like Randori Recon provide organizations with a comprehensive view of their entire digital attack surface, showing potential entry points—including attack vectors that can bypass antivirus, firewall or other security defenses—that cybercriminals might exploit.

3. Prioritizing your cyber risk

While all vulnerabilities are important, not all of them are immediately dangerous or likely to be compromised during a breach of your digital perimeter. Shifting your focus away from the patch management whack-a-mole game and concentrating on the vulnerabilities that pose the highest risk to your organization can help.

Randori Recon uncovers attack patterns and techniques that are more likely to be exploited by a real-world attacker. It flags high-value assets with its risk-based prioritization engine and creates a stack-ranked list of your most risky targets.  

By understanding your attack surface, your organization can prioritize vulnerabilities based on their severity and potential business impact.

4. Ensuring adherence to security processes 

From access management protocols to VPN configurations and firewall audit workflows, security processes can fall behind as your organization grows or adapts to the needs of a remote workforce.

You can gain insight into whether your security processes are keeping pace with your expanding attack surface through continuous attack surface monitoring. Randori allows you to get real-time insight into whether your security processes are applied uniformly and improving your resilience.  

ASM provides visibility into potential weak points and helps you implement layered security controls. By strengthening the various layers of your defense, such as network security, endpoint security, and access controls, you can reduce the risk of a successful data breach.

5. Providing remediation guidance

Randori Recon helps you improve your cyber resilience by suggesting remediation steps.  

It provides in-product guidance on how to address specific vulnerabilities and detailed write-ups of strategies to help reduce your overall exposure.

With this enhanced knowledge, you can distribute your resources more efficiently and focus on critical vulnerabilities that pose the highest risk of a data breach.

Best practices for data breach prevention  

To enhance your cyber resilience, it is vital to build security in every stage of software and hardware development. You can strengthen your data breach prevention strategy by: 

  • Safeguarding assets with a zero-trust approach and understanding your company’s potential exposure to relevant cyberattacks   
  • Conducting app testing, penetration testing, vulnerability assessments, and social engineering scenarios from an attacker’s perspective to identify and patch vulnerabilities before they result in a data breach 
  • Using multifactor authentication and strong passwords to strengthen the protection of personal data and personally identifiable information (PII) to prevent identity theft 
  • Training employees to increase their security awareness and enabling them to make informed decisions in protecting sensitive information
  • Maintaining offline data backups to prevent data loss and recover quickly in case of emergencies 
  • Rehearsing incident response (IR) plans and establishing a team well-versed in IR protocols to reduce costs and breach containment time

Mitigate data breach costs with Randori Recon

An effective ASM solution like Randori Recon can help businesses identify and mitigate potential risks before they can be exploited by malicious actors. The Total Economic Impact™ of IBM Security Randori study that IBM commissioned Forrester Consulting to conduct in 2023 found 85% reduction in losses due to an external attack totaling $1.5 million. According to the study, by reducing the amount of time an exposed asset is left “in the wild,” financial and brand impacts from an attack can be avoided.  

While security measures should extend beyond attack surface management to include practices like encryption, strong access controls, employee training and more, by proactively managing your attack surface, you can significantly enhance your security posture and reduce the likelihood and impact of data breaches.

Explore IBM Security® Randori Recon


More from Security

Security AI and automation are key in protecting against costly data breaches for retailers and consumer goods businesses

3 min read - The rise of online commerce over the last two decades has completely transformed the retail and consumer goods industries—and with smartphone adoption accelerating globally, the share of shopping done via the internet will only continue to expand. But this growth in digital sales can come with a hefty price tag for retailers and consumer goods businesses: a much greater risk of data breaches. According to a recent study by IBM Security, the 2023 X-Force Threat Intelligence Index established the retail…

Closing the breach window, from data to action

6 min read - Accelerate threat detection and response (TDR) using AI-powered centralized log management and security observability It is not news to most that cyberattacks have become easier to launch and harder to stop as attackers have gotten smarter and faster. For those defending against cyberthreats, things continue to get more complicated. The list of challenges is long: cloud attack surface sprawl, complex application environments, information overload from disparate tools, noise from false positives and low-risk events, just to name a few. The…

Spear phishing vs. phishing: what’s the difference?

5 min read - The simple answer: spear phishing is a special type of phishing attack. Phishing is any cyberattack that uses malicious email messages, text messages, or voice calls to trick people into sharing sensitive data (e.g., credit card numbers or social security numbers), downloading malware, visiting malicious websites, sending money to the wrong people, or otherwise themselves, their associates or their employers. Phishing is the most common cybercrime attack vector, or method; 300,479 phishing attacks were reported to the FBI in 2022.…

IBM Tech Now: September 18, 2023

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 85 On this episode, we're covering the following topics: The IBM Security X-Force Cloud Threat Landscape Report The introduction of IBM Intelligent Remediation Stay plugged in You can check out the IBM Blog Announcements…