Understanding the cyber attack surface Historically, the “attack surface” was limited to well-known points of external exposure—the traditional perimeter of websites, external IP addresses, and endpoints. Our cyber attack surface has expanded dramatically over the past five years, now encompassing our cloud estate, millions of devices at the edge, and mobile and remote workers, in addition to our internet-facing infrastructure. This expansion of the definition to include cloud, end-user, and internal assets has been driven by the increasing sophistication of cyber attacks. The table below breaks down today’s complex attack surface into several categories, based on a framework presented by…