5 minute read 16 Jun 2023

If you can’t protect what you can’t see, how do you manage cyber risk?

By Tom Schmidt

Partner, Financial Services Cybersecurity Competency Leader | EMEIA, Cybersecurity Leader, Financial Services | EY Switzerland

Focusing on all aspects of Information Security, Cybersecurity, and IT risk management. Passionate about traveling the world and engaging in various sports.

Many organizations struggle to stay cyber secure because they don’t know what IT assets they have, so they can’t implement appropriate controls.

In brief
  • Cyber crime and attacks are a major risk in an evolving global threat landscape.
  • If organizations do not fully understand their IT infrastructure and asset base, it’s very difficult to defend it or address breaches.
  • To start resolving this problem, organizations need solutions that focus on visibility and control, cyber hygiene and risk profiling.

The global threat landscape is evolving rapidly in a world of complex IT infrastructure and shifting working patterns. As a result, organizations are exposed to more risks than ever. Yet less than half (47%) of organizations polled for the EY Global Information Security Survey say they understand and can anticipate the strategies attackers use. Every business is unique and requires a different approach to security, but many struggle to define, manage and provide governance on their specific security and technology environments.

In this environment, visibility and control, cyber hygiene and risk profiling are critical to any organization. Organizations need to have a clear understanding of their digital environment to identify potential vulnerabilities, flag security incidents and detect any unauthorized activities. Proper visibility means having a full picture of the network, systems, applications and data. IT leaders can then implement effective security controls, such as firewalls, intrusion detection systems, and access controls to mitigate risks and respond promptly to any security incidents.

Visibility and controls

CIOs can’t manage or protect what they can’t see. However, organizations often find it difficult to discover all of their IT assets, which can leave some vulnerabilities unrecorded – and unpatched. While it can be tempting to close the visibility gaps by investing in servers and other infrastructure, this can just add more complexity and is not necessarily an efficient use of financial resources.

The challenge is exacerbated by poorly maintained configuration management databases, which rely on stale or incomplete data. Many of the asset discovery and inventory tools currently employed are unable to scale with real-time data, while stretched in-house resources or expertise limit what can be done internally. Finally, multiple-point solutions add to the complexity of the IT and data landscape.

This can all result in incomplete and inefficient software and hardware audits, which in turn lead to potential compliance and security risk. In-house teams and external service providers are unable to deliver value as they’re focused on reconciling data discrepancies.

Cyber hygiene

A secure and resilient digital environment relies on security best practices and measures such as regular software patching, system updates, strong password policies and user awareness training. Good cyber hygiene helps organizations reduce the likelihood of successful cyberattacks and minimizes the impact of any security incidents. But the task has become increasingly challenging in a world of distributed clouds and remote workers. 

Patching problems: 43% of global IT Ops leaders report patching issues.

Research reveals that around two-fifths (43%) of global IT Ops leaders report patching problems with personal devices. And 38% are reducing their reliance on VPNs as a delivery mechanism for remote software updates. Deficient tooling creates serious enterprise challenges including slow or incomplete patching cycles, leaving a large window of opportunity for attackers. This, in turn, triggers security compliance issues and impacts the productivity of already stretched IT teams. Organizations also have to contend with a lack of visibility on their software license management and an inability to reliably distribute software across large volumes of endpoints.

Some of the world’s biggest breaches have been caused by unpatched vulnerabilities, with significant financial and reputational impacts for the victim organizations. Software vulnerabilities remain one of the top vectors for corporate compromise. Their volume is growing exponentially every year, providing threat actors with a steady supply of bugs to exploit in attacks. Configuration errors such as insecure passwords open the door even wider. Yet finding and prioritizing these issues can be challenging in large, distributed enterprise IT environments.

Risk profiling and response

No organization is 100% breach-proof. But risks can be limited by risk profiling, which involves identifying, assessing and prioritizing potential risks and vulnerabilities in an organization’s information assets. This helps organizations understand their exposure to various threats and enables them to allocate resources effectively to address the most critical risks. By conducting risk profiling, organizations can identify weak points in their security posture, evaluate the potential impact of different risks, and develop strategies to mitigate those risks. This allows organizations to focus their efforts on protecting their most valuable assets and safeguarding against potential threats.

Exposure: 247 days on average until a breach is identified and contained.

The key is to react with speed and precision when an incident does occur so that remedial action can be taken quickly to minimize any impact. Unfortunately, that’s not the reality for most organizations, which lack critical visibility into endpoint assets and malicious behaviour. The average time it takes globally to identify and contain a breach today is still way too long. And the longer bad actors are inside networks, the more damage they can do. This leaves businesses faced with mounting risk on several fronts, including:

  • Relying on fragmented tools and incomplete and outdated sources of truth
  • Lacking visibility of suspicious behaviour
  • Spending excessive time in investigation, potentially increasing the risk of exposure
  • Mitigating the financial and reputational damage of a serious breach without understanding the true impacts
  • Maintaining compliance with a patchwork of data protection laws
  • Potentially flying blind in negotiations with ransomware actors

Individual approach

To meet the individual needs of their organization, IT leaders should seek to implement integrated solutions that bridge IT operations, security and compliance. On their own, most organizations will struggle to get this right – and to keep doing so as their inventory changes minute by minute. But by automating asset discovery, they will be in a far stronger position to defend themselves.

A single platform supports this undertaking by providing a shared source of truth, a unified set of controls and a common taxonomy that brings together siloed teams for a shared purpose – to protect critical information and infrastructure. Working with an external provider can be an effective and cost-efficient way to access these benefits and improve the overall quality of both security and operations.

Summary

Organizations face various challenges in the global threat landscape. Good practices in visibility and control, cyber hygiene and risk profiling combine to create a robust cybersecurity framework within organizations. This helps organizations proactively manage their security posture, minimize the likelihood of successful cyberattacks and ensure the confidentiality, integrity and availability of their systems and data. 
