If you don't know and control your assets, how can you be sure your organisation is secure and protected from cyber crime?
In 2016 the Pentagon, confident in its cyber security posture, invited outside researchers to test it in the "Hack the Pentagon" bug bounty. 1,410 hackers took part and submitted 1,189 vulnerability reports, of which 138 were confirmed as valid.
Everyone is vulnerable – even the Pentagon.
Why is Software Asset Management relevant to cyber security? As Software Asset Managers we deal with IT environment fundamentals. We go inside our clients' environments. We open doors. We see rogue IT: unmanaged and unregulated IT resources, irregular installations and ad hoc deployment practices.
As SAM practitioners we may not have the specialist skills and resources to find botnets in our clients' environments, and I'm not suggesting we should. We partner with cyber security specialists who conduct penetration tests, investigate suspected compromises and remediate infected hosts.
SAM brings intelligence and actionable information to protect your environment. You can't implement policies and protect your environment if you can't trust your data. When organisations have a clear understanding of their software estate, they are better prepared to build a resilient, adaptive IT infrastructure that can respond to cyber threats.
The data intelligence we provide our clients during our Cyber Security SAM engagements is directly relevant to cyber security. We provide opportunities for "cyber hygiene" in the following ways:
- Provide visibility of vulnerable IT systems
- Understand the integrity of IT usage and processes
- Help protect the organisation and its data
1. Provide visibility of vulnerable IT systems
Find and report on unlicensed and high-risk software in the environment, e.g. BitTorrent clients installed on corporate workstations.
Identify unsupported software running on IT assets. Windows XP support ended on 8 April 2014; since then there have been no security updates for it. Running Windows XP, or any other software that is out of support, is a cyber security risk because newly discovered vulnerabilities will never be patched.
2. Understand the integrity of IT usage and processes
SAM can identify user behaviour that breaches ICT security policies. Here are some examples of the types of behaviour our Cyber Security SAM consultancy identifies:
- Admin accounts used by staff for day-to-day tasks. An attacker who tricks such a user into running malicious code or opening a booby-trapped attachment inherits the user's privileges, and with local admin rights can dump the locally cached credentials of every user who has logged on to that computer.
- Admin users browsing the Internet from server consoles, exposing servers directly to malware.
- Staff and contractor accounts with passwords set to never expire.
- Former staff retaining access to the network because their accounts have not been disabled.
3. We help protect your organisation and your data
Identify IT assets without anti-virus/anti-malware protection: our scans reveal workstations and servers with no anti-virus/anti-malware software installed. Unmanaged devices also miss out on automatic deployment of patches and software updates. A huge risk.
Highlight password weaknesses: we identify users who have not changed their passwords for extended periods (e.g. 12 months or more) and, interestingly, those users are often CXOs, contractors, and service and admin accounts.
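The three groups of findings above all fall out of the same kind of data a SAM engagement collects: a software inventory per host and a directory export of user accounts. The following is an added example (not the consultancy's own tooling) that runs those checks over constructed sample exports embedded in the script. The end-of-support dates are Microsoft lifecycle dates; the prohibited-software list, the CSV column names and the sample hosts and accounts are assumptions made for the example.

```python
"""Cyber-hygiene checks over constructed SAM inventory and AD user exports."""
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample inventory export (not real client data).
HOSTS_CSV = """hostname,os,installed_software,antivirus
WS-001,Windows 10,Microsoft Office 2016;BitTorrent 7.10,Defender
WS-002,Windows XP,Microsoft Office 2003,
SRV-DB1,Windows Server 2008 R2,SQL Server 2008,McAfee
WS-003,Windows 10,Microsoft Office 2016,Defender
"""

# Constructed sample directory export, e.g. from Get-ADUser joined with HR data.
USERS_CSV = """sam_account,enabled,password_never_expires,pwd_last_set,employment_status
jsmith,true,false,2019-11-02,active
ceo,true,true,2018-01-15,active
svc_backup,true,true,2017-06-30,active
contractor1,true,false,2019-02-01,active
bjones,true,false,2019-05-20,left
adm_kchen,true,false,2020-03-01,active
"""

# Hand-maintained end-of-support table (Microsoft lifecycle dates; partial).
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
    "Microsoft Office 2003": date(2014, 4, 8),
    "SQL Server 2008": date(2019, 7, 9),
}

# Software the (assumed) policy prohibits on corporate endpoints.
PROHIBITED = ("bittorrent", "utorrent")

# Fixed reference date so the sample results are reproducible.
AS_OF = date(2020, 6, 1)


def load(text):
    """Parse a CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def host_findings(hosts, as_of=AS_OF):
    """Section 1 and 3 checks: unsupported software, prohibited software, no AV."""
    findings = defaultdict(list)
    for h in hosts:
        products = [h["os"]] + [p for p in h["installed_software"].split(";") if p]
        for p in products:
            eol = END_OF_SUPPORT.get(p)  # exact product-name match
            if eol and eol <= as_of:
                findings["unsupported"].append((h["hostname"], p, eol.isoformat()))
            if any(bad in p.lower() for bad in PROHIBITED):
                findings["prohibited"].append((h["hostname"], p))
        if not h["antivirus"].strip():
            findings["no_antivirus"].append(h["hostname"])
    return dict(findings)


def account_findings(users, as_of=AS_OF, max_password_age_days=365):
    """Section 2 and 3 checks: never-expiring, stale, and leaver accounts."""
    findings = defaultdict(list)
    for u in users:
        if u["enabled"].lower() != "true":
            continue  # disabled accounts are not a live exposure
        name = u["sam_account"]
        if u["password_never_expires"].lower() == "true":
            findings["password_never_expires"].append(name)
        age = (as_of - date.fromisoformat(u["pwd_last_set"])).days
        if age > max_password_age_days:
            findings["stale_password"].append((name, age))
        if u["employment_status"] == "left":
            findings["leaver_still_enabled"].append(name)
    return dict(findings)


if __name__ == "__main__":
    for category, items in host_findings(load(HOSTS_CSV)).items():
        print(category, items)
    for category, items in account_findings(load(USERS_CSV)).items():
        print(category, items)
```

In a real engagement the two CSVs would be the SAM tool's inventory export and a directory export (the `pwd_last_set` and `password_never_expires` columns map directly onto the `PasswordLastSet` and `PasswordNeverExpires` properties of `Get-ADUser`), and the end-of-support table would need to be kept current and matched against normalised product names rather than exact strings.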
SAM is crucial to cyber security work and yet is rarely included in any cyber function or activities in the organisations we work with. We find this stunning.
The median time to detect an intrusion has been reported at 520 days in APAC and 229 days in the USA. Think about the damage an attacker can do in your corporate environment over that time. Is it possible to reduce it with SAM? I believe yes!
SAM done well provides basic security hygiene and assurance of your corporate data and IT Assets. Why wouldn’t you do it?