When we talk about asset inventory in the context of cybersecurity, we are talking about everything connected to the network and everything connected to the Internet. This can include hardware, software, devices, data, cloud environments, IoT devices, and the Industrial Internet of Things. (Credit: zenzen/Adobe Stock)

Asset management is essential to a robust cybersecurity program. Gaps in inventory, for both on-premises assets and cloud resources, can leave you with exposed attack surfaces and slow detection and response capabilities.

The past two years of working remotely due to the pandemic has resulted in less cross-departmental communication and, in many organizations, less oversight overall. Today, the likelihood of an organization having an incomplete asset inventory is greater than ever.

When we talk about asset inventory in the context of cybersecurity, we are talking about everything connected to the network and everything connected to the Internet. This can include hardware, software, devices, data, cloud environments, IoT devices, and the Industrial Internet of Things (IIoT).

Another way to think of these assets is as your attack surface – the number of all possible points, or attack vectors, where an unauthorized user can access a system and data. When organizations do not know the full extent of assets they have or the condition of those assets, it is known as an inventory gap. These shortcomings can make your organization vulnerable.

Why are inventory gaps such a problem for organizations?

Inventory gaps are a problem because they increase a company’s risk of suffering a cyberattack and because when such attacks do occur, the resulting investigation and recovery is much more difficult, time-consuming and costly.

We cannot secure a computing resource if we do not know it exists. Failure to keep patch schedules up to date leaves assets vulnerable to malicious activity, which in turn increases an organization’s exposure to cyberattacks.

When companies don’t know how many machines they have or when they fail to remove outdated systems and accounts in a timely manner, it’s easier for an attacker to hide and it takes longer to contain an incident. . Unknown assets mean untraceable risks and exposures.

What are some of the factors that lead to inventory shortfalls?

There are many factors that lead to inventory shortfalls and it’s understandable that organizations may not be able to address them all, all the time.

The first factor we often see is staff turnover. Hiring replacements can take time when employees leave an organization, and their responsibilities may not be sufficiently delegated to other team members in the meantime.

Not only do employees take important institutional knowledge with them when they leave, but their accounts may not be fully deactivated when they leave the company, often because “it might break things.”

The second factor that can lead to inventory shortfalls is remote work. With so many employees working from home, companies don’t always know who is accessing their systems. More and more people have email on their phone, or may be connecting to an unsecured network, or may even be sending corporate data to their personal email or computer. All of this makes it difficult for companies to stay on top of their assets.

Lack of resources is the third factor that we see regularly. Many organizations don’t have the budget to dedicate human resources to analyzing, monitoring, and maintaining their inventory. It is not uncommon for organizations to be unable to afford the proper tools to perform attack surface monitoring.

Whatever the reason, the end result is the same: gaps in inventory leave an organization’s assets vulnerable to skilled criminals.

It’s not just about technology, it’s about people and process

Beazley's Tasha Fasce.  (Credit: courtesy photo) Beazley’s Tasha Fasce. (Credit: courtesy photo)

Even if an organization is blessed with a massive budget, its employees should strive to know what assets they have and allocate responsibilities for managing those assets appropriately. The key is to have leadership in place that understands the importance of asset management, knows how to maximize the technology they have or are likely to buy, and is prepared to execute consistently.

In the end, it’s not just about budget and tools. It’s about culture and having a team of dedicated and responsible people. Educating your employees on issues such as asset management and creating a motivated culture to eliminate inventory gaps will go a long way in protecting your organization from the risk of cyberattack.

Tasha Fasce is Head of Cyber ​​Services at Beazley.

The opinions expressed here are those of the author.

Related:

Source link

Leave A Reply