Attack surface reduction is the processes and techniques involved with reducing the exposure available for attackers to perpetrate cyberattacks.
Hosts are often victimized due to unused software exposing attack surface to the attacker. Had this vulnerable software been simply turned off, firewalled, or uninstalled, the attack couldn’t have taken place to begin with.