When organizations think about IT governance and security, they often focus on protecting internal assets and data from external threats. But what if the threat originates from within the organization?
According to Cybersecurity Insiders' 2020 Insider Threat Report, 70 percent of organizations say insider attacks are becoming more frequent. What's more, 68 percent report feeling moderately or extremely vulnerable to insider attacks, and 56 percent believe detecting insider attacks has become harder since migrating to the cloud.
These statistics point to a growing risk of exposure to threats from the inside, whether from an employee, contractor or partner.
Although organizations typically invest heavily in security at the perimeter to ensure no outside threats infiltrate the network, they often neglect to safeguard the network from inside threats. Complete protection both within and outside of the "four walls" hinges on comprehensive asset discovery and management.
But the growing trend toward remote working due to Covid-19 has introduced IT governance challenges by widening the threat landscape.
The doors are locked, so how did the thief get in the house?
You're probably familiar with the "Trojan horse" -- a type of malware disguised as legitimate software. Hackers trick users via social engineering and other tactics, and load the malware onto a user's system to gain access.
When employees worked in the office, the bridge for the Trojan horse to cross was narrow and heavily guarded. Companies typically invest in multiple layers of firewall switches that can detect and prevent Trojan horses and other threats from getting in.
Only the salespeople were on the road, and they would occasionally connect to the corporate network from their laptops over secure VPNs. But as more and more people take their devices outside the four physical walls of the organization, the devices become vulnerable and start posing a threat to the company network.
When employees connect their corporate laptops to home networks, they open new gateways for malware, ransomware and viruses. They may use their work computers for personal endeavors, such as web surfing, gaming or viewing entertainment.
An employee may unwittingly click on an ad or download an app, and open the door for malware. This can happen easily if the user has local admin rights, but you need the right tools to find all local admins in your network.
Another major problem is that other devices that are not within the corporate IT department's purview are often connected to the home network, providing a conduit for hackers to connect to corporate devices.
The Internet of Things (IoT) further complicates the situation, as in many modern homes, numerous IoT devices -- think Alexa or Echo, smart heating systems and appliances, or video doorbells -- are also connected to the home network.
Most households also have streaming boxes such as Apple TV, Amazon Fire TV or Roku. IT departments need to realize that the home network is becoming an important attack vector.
IoT devices have operating systems with software running on top, and although hackers usually have no interest in attacking someone's home network, they can leverage these devices, drawing on their processing power or using the devices as soldiers in the hacker's war to enter an organization.
Malware can live undetected on a home computer or IoT device for days or weeks, building momentum before launching a large-scale attack, causing devastating damage and potential financial losses for the organization.
A broader approach to IT governance
Until March of 2020, only 3.4 percent of the workforce in the U.S. worked from home on a regular basis. By April, about 20 percent of all U.S. employees were signing on from home, and for many organizations, 100 percent of their employees began working remotely overnight.
Given this new, distributed IT environment, it's essential that organizations know and monitor what goes on behind the firewall, as well.
What assets are connected to the network? Who's using them? How are they being used? Do they have the appropriate protections and up-to-date software installed? Are there vulnerabilities?
To answer these questions, organizations must progress beyond point solutions that address isolated aspects of IT governance, such as security.
Having the right data is critical to this. Security isn't limited to workstations, servers and network components -- it's far broader. There are plenty of tools for a variety of ITAM-related scenarios, but each focuses on the subset of assets that is relevant for its use case, leaving customers with either too little or too much data, and still no control.
IT governance in today's environment requires maintaining a single source of truth that contains the depth and breadth of data necessary for all scenarios, including security outside and within the corporate perimeter.
ITAM 2.0: Inside, outside, anywhere your assets are
This is the challenge of ITAM 2.0 -- protecting corporate networks using a bottom-up approach.
To effectively protect themselves from the inside and out, organizations need to be able to collect, analyze and report on every IT asset within and outside of the four walls in real-time, at any time and for any use case, and gain unprecedented insight into the health and security of the entire infrastructure.
Having this information alerts IT to any potential vulnerabilities on unprotected networked devices that could pose a threat to corporate data and assets -- a capability that's especially important now that the majority of the workforce is remote.
The basic premise of good cybersecurity is that you can't protect what you can't see. So the critical first step when it comes to basic cyber hygiene is to maintain visibility of your IT environments and develop the relevant daily routines to inspect and verify.
In terms of IT governance, a single source of truth for all IT assets connected to the network is essential for compliance, revealing in easy-to-understand terms what devices have outdated antivirus software, OSes or other vulnerabilities that could open the door to malware or other threats.
As opposed to scenario-specific tools that collect highly technical information on a subset of assets, network security reports need to be tailored for different business audiences, providing detailed data and actionable insight to IT staff, so they can perform necessary updates and patches. They also need to generate high-level reports tailored for CFOs and CEOs, to keep them informed at all times, without bogging them down with technical details.
Better governance and a stronger security posture
Securing the perimeter and valuable company and customer data will always be a critical function of enterprise IT organizations, and is necessary for complying with the various IT governance frameworks and regulations, such as COBIT, NIST, ISO and more.
But IT governance can't be limited to protecting your organization against external threats. Some of the worst, most damaging attacks come from the inside -- the Trojan horse that has already infiltrated your four walls.
ITAM 2.0 takes into account our new reality: corporate assets are everywhere and can be connected to networks that contain vulnerable devices.
Only with a complete, 360-degree view of your IT infrastructure can you detect and protect corporate assets and your organization from the ever-evolving and rapidly expanding threat landscape.
Businesses need that single source of truth -- a complete and always-accurate asset inventory -- as well as the insight and reporting capabilities to enable effective, consistent and ongoing IT governance.
Roel Decneut, CMO, Lansweeper