What is an attack surface?
An attack surface is the collection of systems, accounts, services, devices, and people that attackers could try to use to reach a business, including ones the business has forgotten it still has.
Simple example
A company’s attack surface includes its website, email accounts, remote access, cloud services, staff devices, and suppliers.
Why it matters
Reducing unnecessary exposure makes it harder for attackers to find a way in, and a smaller attack surface is easier to keep track of and monitor.
Common warning signs
- The activity is unexpected or unusual for the business context, for example traffic to a service that was never meant to be reachable from the internet.
- The request or system behaviour creates pressure to act quickly.
- Normal approval, verification, or security processes are bypassed.
- There are signs of unauthorised access, data exposure, or system change.
- Staff are unsure whether the request, message, or system behaviour is legitimate.
Cyber Doc view
This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.
What to do
Proactive steps
- Keep an asset inventory of systems, accounts, internet-facing services, and suppliers, and check it against what is actually reachable.
- Remove unused accounts, services, and exposed systems.
- Review internet-facing services regularly, for example by scanning your own public address ranges and comparing the result with the inventory.
- Require MFA on remote access and cloud accounts and apply secure configuration to exposed systems.
- Limit third-party access to what each supplier actually needs.
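The proactive steps above come down to comparing what the business thinks is exposed with what is actually reachable. The following Python script is an added example, not Cyber Doc's own code: the inventory, scan results and account list are constructed sample data (in practice the observed services would come from an external scan of your public ranges and the accounts from your identity provider), and the 90-day idle threshold is an assumption.

```python
"""Reconcile an asset inventory against observed exposure and account use.

Added example; all data below is constructed for illustration.
"""
from datetime import date

# Constructed inventory: what the business believes is exposed and why.
INVENTORY = {
    ("203.0.113.10", 443): "public website",
    ("203.0.113.10", 80): "public website (redirect to https)",
    ("203.0.113.20", 443): "VPN gateway",
}

# Constructed results of an external port scan of the same address range.
OBSERVED = [
    ("203.0.113.10", 443),
    ("203.0.113.10", 80),
    ("203.0.113.20", 443),
    ("203.0.113.20", 22),     # SSH on the VPN gateway: nobody wrote it down
    ("203.0.113.30", 3389),   # RDP on a host missing from the inventory
]

# Constructed account list for remote access: last use and MFA status.
ACCOUNTS = [
    {"user": "alice", "last_login": date(2024, 5, 2), "mfa": True},
    {"user": "contractor-bob", "last_login": date(2023, 11, 14), "mfa": False},
    {"user": "svc-backup", "last_login": None, "mfa": False},
]


def unexpected_exposure(inventory, observed):
    """Observed (host, port) pairs that the inventory does not explain."""
    return sorted(set(observed) - set(inventory))


def missing_from_scan(inventory, observed):
    """Inventoried services the scan no longer sees (stale inventory records)."""
    return sorted(set(inventory) - set(observed))


def stale_accounts(accounts, today, max_idle_days=90):
    """Accounts never used, or idle for longer than max_idle_days (assumed threshold)."""
    stale = []
    for acct in accounts:
        last = acct["last_login"]
        if last is None or (today - last).days > max_idle_days:
            stale.append(acct["user"])
    return stale


def accounts_without_mfa(accounts):
    """Accounts that can reach the business from outside without MFA."""
    return [acct["user"] for acct in accounts if not acct["mfa"]]


def report(today=date(2024, 6, 1)):
    """Print the findings a reviewer would act on; returns them for reuse."""
    findings = {
        "unexpected_exposure": unexpected_exposure(INVENTORY, OBSERVED),
        "missing_from_scan": missing_from_scan(INVENTORY, OBSERVED),
        "stale_accounts": stale_accounts(ACCOUNTS, today),
        "no_mfa": accounts_without_mfa(ACCOUNTS),
    }
    for name, items in findings.items():
        print(f"{name}: {items if items else 'none'}")
    return findings


if __name__ == "__main__":
    report()
```

Anything under unexpected_exposure is either an undocumented service to add to the inventory with an owner, or something to switch off; stale and MFA-less accounts are the ones to remove or fix before an attacker finds them.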
Reactive steps
- Identify which exposed system or account may have been used to get in.
- Reduce unnecessary exposure during containment, for example by taking non-essential internet-facing services offline.
- Review the logs of exposed services for failed and successful logins from unfamiliar sources and for use of accounts that should not be active.
- Close or restrict risky access.
- Update the asset inventory after the incident so the same gap is not rediscovered later.
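For the reactive steps, the question is usually which exposed account or service the attacker actually used. The following Python script is an added example, not Cyber Doc's own code: the log lines are constructed in the style of sshd syslog entries from a remote-access host, the set of accounts that should no longer be in use is assumed to come from the inventory review, and the "two failures before success" threshold is an assumption.

```python
"""Review an exposed service's authentication log after an incident.

Added example; the log lines and account list below are constructed.
"""
import re
from collections import defaultdict

# Constructed sshd-style log lines from the remote-access host.
LOG = """\
Jun  1 02:14:01 vpn-gw sshd[4121]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Jun  1 02:14:03 vpn-gw sshd[4121]: Failed password for invalid user test from 198.51.100.7 port 51236 ssh2
Jun  1 02:14:05 vpn-gw sshd[4123]: Failed password for contractor-bob from 198.51.100.7 port 51238 ssh2
Jun  1 02:14:09 vpn-gw sshd[4125]: Accepted password for contractor-bob from 198.51.100.7 port 51240 ssh2
Jun  1 08:30:11 vpn-gw sshd[4301]: Accepted publickey for alice from 192.0.2.44 port 60012 ssh2
Jun  1 09:02:55 vpn-gw sshd[4388]: Failed password for root from 203.0.113.99 port 40001 ssh2
"""

# Assumed to come from the asset/account inventory: accounts that should be gone.
UNUSED_ACCOUNTS = {"contractor-bob", "svc-backup"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Turn log lines into dicts; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            events.append(match.groupdict())
    return events


def suspicious_logins(events, min_failures=2):
    """Accepted logins from a source that had already failed min_failures times.

    Returns (host, user, source, earlier_failures) tuples in log order.
    """
    failures = defaultdict(int)
    hits = []
    for event in events:  # log order, so 'earlier' failures are already counted
        if event["result"] == "Failed":
            failures[event["src"]] += 1
        elif failures[event["src"]] >= min_failures:
            hits.append((event["host"], event["user"], event["src"], failures[event["src"]]))
    return hits


def logins_to_unused_accounts(events, unused):
    """Successful logins to accounts that should not exist any more."""
    return [
        (event["host"], event["user"], event["src"])
        for event in events
        if event["result"] == "Accepted" and event["user"] in unused
    ]


if __name__ == "__main__":
    evts = parse(LOG)
    for host, user, src, n in suspicious_logins(evts):
        print(f"{host}: {user} logged in from {src} after {n} failed attempts")
    for host, user, src in logins_to_unused_accounts(evts, UNUSED_ACCOUNTS):
        print(f"{host}: login to account marked unused: {user} from {src}")
```

Each hit names a host, an account and a source address, which is exactly what the containment steps need: the account to disable, the service to restrict, and the address to block while the rest of the review continues.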
Related terms
- Exposure
- Vulnerability
- Threat landscape analysis