Threat actors like those behind WannaCry are searching 24x7 for something very simple: open doors into vulnerable networks through which to penetrate and derail governments, businesses, hospitals and communities.
The question for CIOs is clear - “How do I find those network vulnerability doors, before the hackers do, and shut them tight?”
To date, WannaCry has spread to over 300,000 devices across 150 countries and paralysed hundreds of organisations within hours. In the weeks since, many more attacks have followed, all built on the same simple formula: find open doors into networks, and wreak havoc.
Filipa Preston, CEO of global SAM consultancy SOS, has some simple advice:
“Two things we know for sure are 1) attacks will continue, and 2) networks with fewest vulnerabilities (open doors) will be the least affected.”
Find the open doors
Running unsupported software leaves a gaping hole in an organisation’s security posture. From OSs to PCs, on- or off-premises servers, and software consumed in any number of ways, non-compliance, which can take many forms, is a vulnerability: one that hackers will find and exploit to penetrate and harm the organisation.
Unfortunately, no amount of cyber security outsourcing or use of antivirus/anti-malware tools will protect a network from malicious attacks.
IT teams need to efficiently patch or otherwise make current their IT assets, or isolate them to protect them from network exploitation.
High network hygiene without question reduces vulnerability to attack. Every non-compliant software instance opens the door to hackers.
Unfortunately, no company is immune; the next attack is imminent, and the attacks will grow.
Keep the doors shut tight
A nightmare for hackers would be a network with a dynamic hygiene strategy in place: one where software does not become unsupported and the doors hackers look for are never left open.
Software Asset Management (SAM) is the practice of managing your organisation’s software assets to optimise costs and remove risks to the organisation.
Often people see the risk side as nothing more than license compliance, or the “risk” of unbudgeted costs after a vendor-initiated audit.
Exposing organisations to cyber risk by running unsupported software is far more costly than any unbudgeted expense.
SAM is crucial to cyber security, and yet it is rarely included in any cyber functions, plans or activities within organisations. How is it possible to measure how well a cyber security function performs without first understanding which information assets are at risk?
The role of true SAM professionals is to vigilantly manage the integrity and security of IT assets, and for this to serve as a powerful driver of reduced risk.
SOS is a pure SAM consultancy, helping our clients to find and close the doors hackers look for, and to keep them closed. With our enterprise software scanning technologies and Cyber SAM services, we help our clients see which software is deployed and where, while highlighting compliance risks and vulnerabilities across their networks and devices at any given time.
It is those organisations that can maintain hygiene and compliance, with the fewest instances of unsupported software in their network, that will be the toughest targets for hackers to crack.
Close those doors, one by one, by including SAM in the organisation’s cyber functions to improve cyber posture. Only by doing this can an enormous reduction in risk be assured.
* Filipa will be expanding on this topic during her workshops on day 1 at the US and Australian ITAM Review Annual Conferences 2017. Find out more and register at the following links:
ITAM Review US Conference: September 27 - 28, 2017
ITAM Review Australia Conference: 22nd & 23rd November 2017