By Ian Jennings, co-founder of BlueFort Security
The latest figures from Bloomberg’s Pret Index, a weekly indicator of the return to offices and stations and to pre-pandemic buying habits, reveal that bankers in London are returning to the office at a rate that has overtaken their counterparts in Paris and New York. Spending at Pret a Manger’s stores in the City of London and Canary Wharf reached 86% of pre-pandemic levels last week, the highest since the start of the crisis.
However, many companies are still trying to square the circle of data security with staff who want to work more flexibly. Deutsche Bank has said it will let people continue to work from home two to three days a week once the coronavirus pandemic is no longer considered a threat, while the UBS Group has said at least two-thirds of the investment bank’s staff should be able to do some of their work from home.
It is widely recognized that this hybrid working model has been – and continues to be – beneficial to many of us. But this new arrangement presents a significant data security challenge for financial companies, especially as many have turned to cloud-based services to allow employees to continue working during the enforced “work from home” order. For many CISOs, the reach of these cloud-based services was (and still is) outside of their organization’s visibility. The unintended consequence they now face is an increased risk of cybercriminals seeking to exploit a large but unprotected threat surface.
In highly regulated industries, the importance of mitigating this new threat has become “critical” on the scale of things to be dealt with by IT and security teams. In October, the UK’s Financial Conduct Authority updated its guidelines for working from home, warning that it has “the power to visit any place where work is done, business is conducted and employees are based (including residential addresses) for regulatory purposes”. The FCA said companies must prove that they have the systems and controls, including the necessary IT functionality, and that those systems are robust. They also need to be able to demonstrate that they have considered all data, cybersecurity and security risks, especially as staff may carry confidential equipment and laptops more frequently in a hybrid arrangement.
You can’t protect what you don’t know
This ancient cybersecurity maxim (ish) illustrates one of the biggest issues facing cybersecurity professionals today: how do I defend my organization from attackers when I no longer know what my cyber domain looks like? To illustrate this point, a recent study found that 30% of CISOs admitted that since March 2020 they had lost track of movers, joiners and leavers, and 29% said they were missing business mobile devices. This is a direct result of the enforced work-from-home order.
The key problem for CISOs and their security teams is simple: you can’t protect what you don’t know is there. Knowing which assets you have in your environment is essential if you want to apply effective security controls. It is much easier to protect the things you know.
Cyber security asset management explained
Cyber security is first and foremost about IT assets. When businesses are hacked, it is through their IT assets; their networks, hardware and software are the entry points for cyber attackers.
Poor asset management practices dramatically increase the likelihood that threat actors will be able to achieve their goals, whether that is stealing sensitive data, disrupting business operations, or putting the organization in danger. Asset management is essential to be able to address these risks effectively and consistently.
Cyber security asset management is the process of identifying, continuously and in real time, the IT assets that your organization owns and the potential security risks or gaps that affect each of them. From a cybersecurity perspective, assets are best described as something that needs to be configured or managed to achieve security outcomes or something that can be affected as a result of a cyber incident (usually the things that you are trying to protect).
Broadly speaking, a cybersecurity asset management strategy has four key elements:
- Gather data from any source that provides detailed asset information
- Correlate this data to generate a view of each asset and what it contains
- Continuously validate the adherence of each asset to the global security policy
- Create automatic actions that are triggered whenever an asset deviates from this security policy
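
The four elements above (gather, correlate, validate, act), worked through as an added example that is not from the original article. The source names (dhcp, edr, mdm), the sample records, the 30-day patch threshold and the action names are all assumptions constructed for illustration.

```python
from collections import defaultdict

# 1. Gather: constructed sample records from three hypothetical sources.
SOURCES = {
    "dhcp": [{"mac": "AA:BB:CC:00:00:01", "ip": "10.0.0.11"},
             {"mac": "aa-bb-cc-00-00-02", "ip": "10.0.0.12"},
             {"mac": "AA:BB:CC:00:00:03", "ip": "10.0.0.13"}],
    "edr":  [{"mac": "aa:bb:cc:00:00:01", "os_patch_age_days": 12},
             {"mac": "aa:bb:cc:00:00:02", "os_patch_age_days": 95}],
    "mdm":  [{"mac": "AA:BB:CC:00:00:01", "disk_encrypted": True},
             {"mac": "AA:BB:CC:00:00:02", "disk_encrypted": False}],
}
MAX_PATCH_AGE_DAYS = 30  # hypothetical policy threshold

def norm_mac(mac):
    """Sources format MAC addresses differently; normalise before joining."""
    return mac.lower().replace("-", ":")

def correlate(sources):
    """2. Correlate: merge every source's record into one view per asset."""
    assets = defaultdict(lambda: {"seen_in": set()})
    for name, records in sources.items():
        for rec in records:
            asset = assets[norm_mac(rec["mac"])]
            asset["seen_in"].add(name)
            asset.update({k: v for k, v in rec.items() if k != "mac"})
    return dict(assets)

def violations(a):
    """3. Validate: list the policy rules this asset currently breaks."""
    checks = [
        ("no_edr_agent", "edr" not in a["seen_in"]),
        ("patch_overdue", a.get("os_patch_age_days", 0) > MAX_PATCH_AGE_DAYS),
        ("unmanaged", "mdm" not in a["seen_in"]),
        ("disk_unencrypted", a.get("disk_encrypted") is False),
    ]
    return [name for name, failed in checks if failed]

def plan_actions(assets):
    """4. Act: devices unknown to MDM are segmented, managed ones get a ticket."""
    plan = {}
    for mac, a in sorted(assets.items()):
        v = violations(a)
        if v:
            plan[mac] = ("quarantine_vlan" if "unmanaged" in v else "open_ticket", v)
    return plan

if __name__ == "__main__":
    for mac, (action, why) in plan_actions(correlate(SOURCES)).items():
        print(mac, action, ",".join(why))
```

The third device appears only in the DHCP data, which is the case the article is concerned with: an asset on the network that no management tool knows about.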
Approach to cybersecurity asset management
Because IT resources and security risks come in many forms, managing cybersecurity assets is a process that involves a variety of activities. Hardware, software, virtual infrastructure, information, and online accounts all need to be considered.
The diversity of asset types and their sheer volume, even in small organizations, can make asset management a difficult task. Here are the key areas that should be addressed, broken down into relatively small tasks:
- Device Discovery and Protection – Identify network endpoints and assess each one for security vulnerabilities; ensure that all unsecured endpoints are immediately segmented from the rest of the network.
- Vulnerability Management – Detect and remediate active vulnerabilities, such as unpatched software running on a device.
- Cloud Security – Identify all cloud resources, especially those that are vulnerable due to insecure software or lack of access control.
- Continuous Policy Enforcement – When new devices are added to the network that match a particular device profile with an active policy, they are automatically protected.
Whether it’s at work or in our daily lives, we’re usually drawn to the things that seem to be the most exciting. When it comes to cybersecurity, threat hunting or red teaming seems, at first glance, more exciting than asset management. But asset management is an essential foundational activity for all security programs, including for those who spend their days spotting intrusions and fighting malware.
For asset management to deliver its full potential, it must be automated and easy to implement. Many organizations have already implemented some of the automated resource discovery and threat identification tools that can help get things back on track. And they need to get back on track, because any organization that relies on software and hardware to power its operations – which virtually every business does today – is putting itself at risk if it doesn’t.