Your Personal Attack Surface
When we security types talk about “attack surface” or “threat surface,” we mean the part of our technology environment that’s potentially vulnerable. Think of your skin. We wear clothing to protect it from the sun’s harmful rays. A construction worker wears heavy leather to guard against wounds from tools and sharp materials. A cook wears an oven mitt to avoid burns. Any skin we leave exposed is vulnerable to these threats. We often deliberately accept these risks—for example, wearing just a swimsuit to the beach—sacrificing some security for some enjoyment and versatility. Ideally, we use good judgment and make a sensible, balanced risk decision. We can also use compensating safeguards (e.g., sunscreen) to limit the downside risk of our decision. ...