As the number of connected enterprise devices and applications grows, so does the enterprise attack surface, and cyber criminals are becoming ever more creative with their methods. In a recent Deloitte poll, 34.5% of executives said their organizations’ accounting systems and financial data had been targeted by cyber criminals over the last 12 months, and nearly 50% expect attacks to increase over the next year.
Unpatched software, end-of-life (EoL) servers, and outdated operating systems create lucrative opportunities for cyber criminals, as do mergers and acquisitions (M&A). The attack surface increases as more devices and applications are introduced into the IT estate, and highly public deals can put companies on the radar of cyber attackers.
Without a clear view of the hardware and software being accessed and used, cybersecurity breaches can go undetected for months. When a vendor failed to report that their credentials were stolen, attackers were able to access the Home Depot POS system, which recorded customer credit card details, leading to 56 million cards being compromised. Target also experienced a data breach when cyber criminals gained access through a third-party HVAC system, costing it $18.5 million and raising concerns about securing smart offices.
Cybersecurity risks don’t always originate online, however, and the loss of data-bearing equipment can also place an enterprise at risk of fines and potential lawsuits. That’s the position Morgan Stanley found itself in when, during data center decommissioning, unencrypted equipment containing customer data found its way into the hands of unauthorized third parties. The company incurred costs that included $60 million to settle a lawsuit brought by customers and a $35 million fine from the SEC.
Highly regulated industries, including healthcare and finance, are seeing both risks and penalties grow. But the explosion in remote/hybrid workforces over the last few years, which has fueled the deployment of more connected devices, increased SaaS adoption, and shadow IT, is making proper IT asset management (ITAM) almost impossible. A ‘State of SaaS sprawl’ report revealed that the average company has 254 applications, with 56% of all apps being used as a result of shadow IT.
To avoid non-compliance, fines, and loss of reputation, IT should take steps to limit risks:
With only around a third of IT tasks automated, discovering, tracking, updating, and patching a growing list of assets will become increasingly challenging if managed manually.
By automating ITAM activities, you can streamline cybersecurity threat assessment and the methods you use to limit risks. You can do this using a digital platform conductor (DPC), a tool recognized in 4 Gartner hype cycles.
A DPC provides clear visibility of your estate by connecting to your CMDB, global policy systems, configuration platforms, identity management systems, ITSM tools, security monitoring and alert systems, and other data sources. It collects, aggregates, and analyzes the data they contain in real time to give you a holistic view of all assets and interdependencies, including where assets are, who uses them, OS/patch status, and more. It then uses that data to orchestrate your tools and automate cybersecurity risk management and remediation workflows.
Using a DPC you can:
Book a demo with ReadyWorks to understand how to reduce cybersecurity risks in your enterprise, using a digital platform conductor.