What does the concept of leverage have to do with Attack Surface Management?

John Survant

JAN. 25, 2023

The concept of leverage has been widely used by mangers to improve financial results, operational efficiencies, project management and the overall management of a business. So how can this concept of leverage be applied to Data Security?

Protecting your company’s information can be a costly endeavor. Once a management team has decided the level of risk, they are willing to accept, how do they decide which investments they need to make in Data Security? In other words, how much risk is reduced compared to the amount of money invested?

To answer this question, you should look at the primary areas of information security risk. Even more so, what are the most likely threats? How should they prepare for those most likely scenarios? What are the most important attack vectors they should secure?

Each company will be different depending on their business model, but you can pretty much count on one of the following avenues of compromise: internet attack, malware attack, social engineering, physical theft or loss of data, employee based.

Certainly, internet attack is one of the more likely scenarios management should be concerned with. If you could reduce your attack surface, or overall number of entry points, this would be one way to leverage your effort to get a strong return on your security investment. Management of your attack surface can help reduce your overall exposure by reducing the number of entry points into your system.