Shadow IT: Mapping Switzerland’s External Attack Surface
Shadow IT doesn’t come from one bad decision. It builds up over time as infrastructure grows, people move between teams and companies, vendors deploy systems, cloud environments change, and documentation falls out of date. A single forgotten development instance or an untracked database server can become the path to a serious breach. I have spent years running Internet-wide scanning and building the tooling behind it at FullHunt. I have also run hundreds of security reviews focused on Shadow IT and the ways organizations gradually introduce risk into their external attack surface. In this talk, I’ll show how Shadow IT grows and scales across organizations and the recurring patterns I have seen in the wild. I will introduce the Attack Surface Reduction Maturity Framework, a practical model organizations can use to understand where they stand in their attack surface reduction journey and how they can move from outdated inventories to continuous visibility. Finally, I will present real findings discovered during this research and responsibly disclosed to Swiss organizations.
About the speaker
Mazin Ahmed
Read more …