Cybercrime is a growing epidemic that affects businesses of all sizes. Organisations have a responsibility to protect the data of their employees and customers. So they are investing in expensive hardware and software solutions. Yet businesses don’t realize that without effective management of those solutions, every component they add to their IT inventory becomes a new point of vulnerability. Cybercriminals can exploit unaccounted and out-of-date hardware and software to hack systems. So companies need to put effective IT asset management solutions in place.
What IT Asset Management (ITAM) Entails
IT managers have to keep track of their IT inventory. They have to deal with contracts, licenses, updates, and regulatory compliance issues. The use of the cloud and mobile devices are adding new layers of complexity. In the early days, managers could get away with using spreadsheets to keep track of their IT assets. Today most sophisticated operations use some form of IT inventory management software. These tools are better suited to deal with various aspects of IT asset management:
Hardware Asset Management: IT departments have been dealing with servers and workstations for a long time. But that doesn’t mean that it has gotten any easier. A good ITAM practice requires that hardware is properly tagged and tracked throughout its lifecycle. The firmware of each hardware needs to be updated regularly. A good IT inventory management software has the provisions to handle the complexity of dealing with various aspects of hardware management.
Software Asset Management: Software provides a different set of challenges. IT departments have to prevent unauthorized software installations. They have to ensure security updates are regularly applied to installed applications and access management rules are followed properly. Good ITAM tools can keep track of software updates, license expirations, and compliance requirements. Regulatory audits are easier with software asset management.
Cloud Asset Management: Cloud-based services like SaaS, IaaS and PaaS are relatively new developments. So IT departments are still trying to figure out how to address various issues. In a pre-cloud environment, teams had total control over the IT inventory. But cloud environments use the shared responsibility model. Most ITAM tools are still not highly evolved for cloud asset management. So IT teams need to pay special attention in this area.
End-User Mobile Device Management: More companies are adopting bring-your-own-device (BYOB) policies. Even though its great for productivity, its a nightmare for implementing security. Tracking and monitoring BYOB devices through IT inventory management is a high priority for IT departments.
Why ITAM is Crucial for Effective Cybersecurity
For any modern organisation, it’s not possible to create a robust cybersecurity program without having an efficient ITAM solution. There are just too many tools and services to keep track of.
For example, a single employee might have a PC, a mobile phone, and a tablet. In addition, the employee might have access to various servers and cloud applications. If cybercriminals can obtain even one password to any of these endpoints, they can often use that password to hack into other systems to gain more valuable information.
Also, cybercriminals can launch sophisticated phishing attacks, exploit software vulnerabilities or steal employee devices. IT teams need to fight battles on all fronts by keeping software and hardware up-to-date and having the capability to shut down stolen devices. Recent attacks in the UK shows cybercriminals are taking advantage of all these vulnerabilities.
British Airways Hack: Financial information of around 380,000 British Airways passengers were hacked during a 15-day breach in August 2018. Initially, British Airways didn’t know how the hackers got access to the data as there wasn’t any internal breach. Later security experts discovered that the scripts for its baggage claim information page were changed just before the hack started. The cybercriminals exploited the weaknesses of those scripts to intercept customer information. This shows an important reason for having ITAM solution. There is no information available about how BA managed its IT inventory in this case. But good ITAM solution would make finding vulnerabilities like this easier for security experts. Experts would be able to discover problems faster using ITAM historical data. Without proper ITAM, the same task will take significantly longer or even make the problem untrackable. It will increase the chances of future attacks.
NHS WannaCry Attack: The WannaCry ransomware attack of UK’s National Health Services (NHS) caused canceling of 19,500 medical appointments, locking of 600 computers at GP surgeries and put 5 emergency centers out of service. The damage could have been worse if a security researcher hadn’t accidentally discovered the kill-switch to the ransomware. But this attack could have been prevented in the first place through IT asset management. If NHS had updated their Windows operating system properly, the WannaCry could not have caused this havoc.
Establishing a Cyber Resilient Business Using IT Asset Management
IT asset management will not solve cybersecurity problems automatically. Businesses need to design and implement their IT inventory management software with cybersecurity assessment in mind.
However, cybersecurity-aware ITAM solutions will help your business in multiple ways. Here are some of the benefits:
Visibility and Transparency
ITAM solutions designed with cybersecurity objectives will help you find security risks faster. If you have a configuration management database (CMDB) for your IT assets, you can easily pinpoint when a problem happens. With regulations like GDPR, this becomes more important as you are legally required to report your security breaches.
Early Security Threat Detection
Hardware asset management and software asset management tools keep historical records or logs of various information. This information is a great resource to recognize irregularities or anomalies. This data can help your business early detect cyber attacks and take preventive measures.
Data Traceability
Data is the most valuable resource for businesses in the information age. Your ITAM solution gives you the ability to organize and align the data from your employees, your customers, and your infrastructure. So you’ll have more control. It’s an important tool for tracking and securing data.
Cost Optimisation
Cybersecurity is expensive. Most companies stop tracking their hardware or updating their software due to the associated costs. Initially, an IT inventory management solution might take resources to set up. But it will save you time and money in the long-run. It will make tracking and updating hardware and software assets easier and more efficient.
In Conclusion
No solution can stop all cyber attacks. But an ITAM solution can help your organisation build the necessary security strategies to improve your chances of preventing an attack. And a robust ITAM solution can help your business stay safer.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.