50% of cyberattacks target unknown assets according to an MIT Technology Review Insight survey. The survey found that most businesses are aware of cyberattacks that have affected them, and that half the cyberattacks were attributed to unknown or unmanaged digital assets.
The survey highlights the need to effectively implement a foundational cyber security control that becomes trickier and more cumbersome as technology and complexity grow.
The first critical security control from the Center for Internet Security (CIS) is creating and maintaining an Inventory and Control of Enterprise Assets.
A fundamental part of cyber security is first identifying digital assets, then effectively maintaining them. This critical process allows the business to adequately assess and apply the level of protection that each asset needs.
What are digital assets?
Digital assets in this context include end-user devices, like laptops, phones, workstations, networking devices, corporate servers, and all other connected Things (IoT devices).
Safeguarding these assets requires more than managing known assets – it includes the ability to discover rogue devices connected to the network.
It’s important to know that every digital asset that exists within your environment could be subject to risks or vulnerabilities that lead to a breach of business data and your network as a whole. If one asset is compromised, it can lead to a broader attack.
“…it takes attackers less than 45 minutes [to] scan the vastness of the internet for vulnerable business assets”
Continuous and Effective Management
Only half of the surveyed companies continually monitor assets, and only a few more (57%) noted an asset inventory as a critical precautionary measure.
It’s important to implement an ongoing process of asset discovery and management as digital assets and infrastructure change over time and more services are shifted to some form of cloud service.
How many digital assets are exposed?
Your business attack surface is the number of possible areas where an attacker can access a system and extract data, or the “sum total of the nooks and crannies hackers can pry into”. The smaller the attack surface, the easier it is to manage digital assets and protect the business.
A large part of the problem is the unprecedented speed at which technology teams deploy cloud servers and services.
Almost every business uses some form of cloud component and businesses are rapidly moving digital assets to the cloud.
Assets may be scattered across multiple locations, remote workplaces, home networks, and large networks. Safeguarding any newly created assets requires a structured process of approval, discovery, and onboarding as a known inventoried item.
In summary, your business needs to:
- Discover all digital assets – 50% of cyberattacks target unknown assets
- Remove assets no longer needed to break the “set-it-and-forget-it” mentality
- Inventory each asset and start managing each one
- Create a process of continuous discovery and onboarding
- Create a process of approval for each newly created asset
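The discovery, inventory, removal and approval steps above can be checked with a simple reconciliation between the asset inventory and a network discovery sweep. The following is an added example, not part of the original article; the record fields (name, mac, approved, last_seen), the 30-day staleness threshold and all sample data are assumptions constructed for illustration.

```python
from datetime import date

def norm_mac(mac):
    """Normalise MAC formats (aa-bb.., aabb.ccdd.., AA:BB..) to lowercase colon form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def reconcile(inventory, discovered, today, stale_days=30):
    """Compare the asset inventory with a discovery sweep.

    unknown    - seen on the network but not inventoried (rogue candidates)
    unapproved - inventoried but never through the approval process
    stale      - inventoried but not seen for more than stale_days (removal candidates)
    """
    inv = {norm_mac(a["mac"]): a for a in inventory}
    seen = {norm_mac(d["mac"]): d for d in discovered}
    report = {"unknown": [], "unapproved": [], "stale": []}
    for mac, d in seen.items():
        if mac not in inv:
            report["unknown"].append((mac, d["ip"]))
    for mac, a in inv.items():
        if not a["approved"]:
            report["unapproved"].append((mac, a["name"]))
        # An asset seen in this sweep counts as seen today.
        last = today if mac in seen else a["last_seen"]
        if (today - last).days > stale_days:
            report["stale"].append((mac, a["name"]))
    return report

# Constructed sample data: inventory export and discovery sweep use different MAC formats.
INVENTORY = [
    {"name": "hr-laptop-01", "mac": "00-1A-2B-3C-4D-5E", "approved": True, "last_seen": date(2024, 5, 30)},
    {"name": "old-print-srv", "mac": "001a.2b3c.4d5f", "approved": True, "last_seen": date(2024, 1, 10)},
    {"name": "lab-camera", "mac": "00:1a:2b:3c:4d:60", "approved": False, "last_seen": date(2024, 5, 29)},
]
DISCOVERED = [
    {"mac": "00:1A:2B:3C:4D:5E", "ip": "192.0.2.10"},
    {"mac": "00:1a:2b:3c:4d:60", "ip": "192.0.2.20"},
    {"mac": "DE:AD:BE:EF:00:01", "ip": "192.0.2.77"},
]

if __name__ == "__main__":
    for kind, items in reconcile(INVENTORY, DISCOVERED, date(2024, 6, 1)).items():
        print(kind, items)
```

Running this on a schedule, rather than once, is what turns the inventory into the continuous discovery process described above.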
How do I stop cybercrime from affecting my business?
Play your part in preventing cybercrime. If you or your business experiences any cyber security issue, report it and CERT NZ will help you identify what it is and what your next steps are to resolve it.
Use this link to report it to CERT NZ immediately.