Technology stacks have grown more complicated and hard to keep track of. Unsurprisingly, malicious actors have seized this opportunity to target organisations through any vulnerabilities present in these systems, with Australia experiencing a 15 per cent increase in ransomware-related cybercrime between July 2020 to June 2021, compared to the previous financial year.
It’s never been more important for Australian businesses to embrace a proactive approach to cyberattacks. The threat of an attack through misalignment of assets relative to compensating controls is on the rise, and cyberattacks are increasingly aimed at an organisation's ‘coverage gaps’ to exploit a point of entry.
Having a holistic overview of all the IT assets within an organisation is crucial to adopting a proactive outlook of a technology stack. In order to assess and reduce the risk of cyber attacks, organisations must have information about the assets they are looking to secure readily available, current, and continually refreshed.
Time is in short supply during a cyberattack, so what can organisations do to enable a more rapid response time?
Understanding risk starts with knowing what an organisation wants to secure
This is not just knowing of an asset, it’s having a full understanding of the asset. An organisation’s asset environment is dynamic and continuously changing. Security audits and compliance checks are often done quarterly or semi-annually and this is simply not adequate, as organisations need the ability to act based on current data. Knowing where Endpoint Detection and Response (EDR) agents were and weren’t deployed, or what cloud environments were and weren’t scanned a few months back is simply not good enough.
Malicious actors only need one misaligned control to gain access to sensitive data. Organisations must accelerate their understanding and evaluation of their security controls relative to their specific environment.
Why an asset data warehouse should be top of mind for every organisation
You can’t protect what you can’t see. The majority of Australian businesses currently do not have an aggregated view of all asset data to understand the intricacies of individual assets within their environment, the vulnerabilities associated with them, and the continuous monitoring of controls across these assets.
Concerningly, security and technology teams may still be relying on manual record systems that don’t provide true visibility into their various environments (IT, OT and IOT). The lack of this strategic capability significantly impacts an organisation’s ability to know its assets and understand the potential risks that assets are exposed to.
The foundation of every security program should be an understanding of the assets that need to be secured. The better the assets are understood, the more likely they will be suitably secured. This sets the trajectory for all the subsequent efforts in implementing a security program.
Asset data warehouses enable organisations to understand the impact and risk of a cyberattack
Organisations need to know all the information they have about all the assets within their environment. This information must be readily available, current, and regularly refreshed.
Time is everything during a cyberattack. An organisation is immediately on the back foot while trying to assess multiple data sets to gain an understanding of the impact and exposure of a cyber attack, they will need to find out which assets have been impacted. This can take anywhere from days to weeks.
An ‘asset data warehouse' of an organisation’s tech stack provides up-to-date information on every asset that is readily available. Having this central resource in place also helps to quickly answer questions like which assets might have possible exposure, associated vulnerabilities or coverage of compensating controls in the heat of a security incident.
A holistic overview of an organisation’s IT assets is crucial to shifting from a reactive approach to cyberattacks, and adopting a proactive, always-on outlook. Businesses need to move away from thinking reactively about cyber attacks and adopt a first principles approach that will enable them to mitigate risks more proactively.
About Vern Fernhout
Vern Fernhout, is the Country Manager for ANZ at Axonius.
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world.