A report by asset intelligence platform Sevco Security has found that the majority of organizations lack the visibility they need to secure their assets. The report used data from nearly one million IT assets across 500 different organisations, and found that roughly 20% of assets were invisible to security teams.
More precisely, organizations may have windows and doors that IT/Security teams do not even know about, or lack digital locks to prevent entry to sensitive areas. Sevco concluded from its report that the vast majority of the organizations do not have comprehensive visibility of the assets they need to secure. Attackers would be capable of entering the company's network via ways that would be untraceable by the security team or by the software used by the company to protect against cyberattacks.
These entryways consist of "employees' personal devices, as well as devices and servers used in shadow IT projects conducted outside the scope and purview of IT and security teams" according to Sevco CEO J.J Guy. These devices are missing the security tools that will protect the company's IT Environment should these devices get exploited.
Windows and macOS devices lack protection
Besides IT assets belonging to employees missing protecting, the report also stated that nearly 27% of IT assets are not protected by necessary software:
- 23% of Windows servers are missing endpoint protection.
- 21% of Windows servers go uncovered by patch management.
- 6% of Windows servers are not in any enterprise software inventory.
- 14% of Windows clients accessing corporate assets are not enterprise devices.
- 5% of macOS devices accessing corporate assets are not enterprise devices.
In addition, 17% of endpoint protection software had gone stale. Stale licensed software (software whose license expired, doesn't exist or has been incorrectly taken offline) may represent a security threat, and so do orphaned assets (devices or software which have not been checked in a considerable amount of time).
Finally, the report concludes that organizations should do a thorough auditing of their IT tools and ingress to their networks. "In order to maintain the upper hand against sophisticated adversaries, it is critical for IT and security teams to maintain an accurate and up to date asset inventory that reflects the reality of their dynamic environment".
Other Posts you might be interested in:
Explore the prevalent cybersecurity threats businesses face, including phishing attacks, ransomware, and insider threats. Discover the importance of partnering with a cybersecurity firm for tailored defense strategies, and why DeepBlue Computers is a good choice for your cybersecurity needs.
Read More
Microsoft addressed a data exposure incident stemming from AI researchers inadvertently sharing open-source training data on GitHub, leading to the exposure of 38TB of private information. The swift mitigation measures highlight the importance of secure data practices in the context of AI-driven initiatives.
Read More
There is a new threat that job seekers and employers should be aware of - phishing and malware campaigns that target individuals during the current economic downturn. By exploiting job-themed emails, attackers are attempting to steal sensitive information or hack into devices.
Read More