A malicious asset, also known as a rogue asset, is created by a threat actor or unauthorized user to target a company. Phishing websites or mobile applications designed to appear as those owned by the target company, typo-squatted domains, and stolen data sets shared or sold on the dark web are examples of malicious assets.
Mergers and Acquisitions (M&A)
In mergers and acquisitions, two or more businesses are consolidated into one, either by combining two or more separate businesses into one new single entity or by one company purchasing and taking over the assets of another. M&A transactions expand the attack surface for the acquiring company or the newly formed entity, and many companies discover cybersecurity concerns during the M&A process. External attack surface management enables companies to conduct digital supply chain discovery and identify potential vulnerabilities before the transaction takes place, which helps inform decision-making and allows businesses to address security issues before merging or acquiring assets.
Misconfiguration is when an application’s or system’s settings are not selected or improperly implemented, which can leave the application or system vulnerable to unauthorized access. Misconfiguration can occur in a network, application, cloud infrastructure, and any component with settings.
In the context of cybersecurity, mitigation is a damage control process that does not completely eradicate a vulnerability or threat but minimizes the potential negative consequences that could occur with a breach.