A report by asset intelligence platform Sevco Security has found that the majority of organizations lack the visibility they need to secure their assets. The report used data from nearly one million IT assets across 500 different organisations, and found that roughly 20% of assets were invisible to security teams.
More precisely, organizations may have windows and doors that IT/Security teams do not even know about, or lack digital locks to prevent entry to sensitive areas. Sevco concluded from its report that the vast majority of the organizations do not have comprehensive visibility of the assets they need to secure. Attackers would be capable of entering the company's network via ways that would be untraceable by the security team or by the software used by the company to protect against cyberattacks.
These entryways consist of "employees' personal devices, as well as devices and servers used in shadow IT projects conducted outside the scope and purview of IT and security teams" according to Sevco CEO J.J Guy. These devices are missing the security tools that will protect the company's IT Environment should these devices get exploited.
Windows and macOS devices lack protection
Besides IT assets belonging to employees missing protecting, the report also stated that nearly 27% of IT assets are not protected by necessary software:
- 23% of Windows servers are missing endpoint protection.
- 21% of Windows servers go uncovered by patch management.
- 6% of Windows servers are not in any enterprise software inventory.
- 14% of Windows clients accessing corporate assets are not enterprise devices.
- 5% of macOS devices accessing corporate assets are not enterprise devices.
In addition, 17% of endpoint protection software had gone stale. Stale licensed software (software whose license expired, doesn't exist or has been incorrectly taken offline) may represent a security threat, and so do orphaned assets (devices or software which have not been checked in a considerable amount of time).
Finally, the report concludes that organizations should do a thorough auditing of their IT tools and ingress to their networks. "In order to maintain the upper hand against sophisticated adversaries, it is critical for IT and security teams to maintain an accurate and up to date asset inventory that reflects the reality of their dynamic environment".
Other Posts you might be interested in:
Dutch cybersecurity firm ThreatFabric has detected a new variant of the Android Trojan Xenomorph, classified as Xenomorph.C. This new version introduces a number of new features, which allows attackers to automate fraudulent transactions without human interaction. Xenomorph's creators, Hadoken Group plan to target hundreds of banks across all continents.
Read More
Microsoft and HPE faced separate breaches by the state-sponsored threat group Midnight Blizzard, with the latter's attack involving data theft from HPE's cloud-based email environment. Both incidents were initiated through password spray attacks, emphasizing the need for organizations to implement multifactor authentication and robust security measures. The challenges posed by nation-state actors underscore the importance of thorough incident response plans and heightened security standards to adapt to the evolving threat landscape.
Read More
Following statements made by the White House in May regarding the dangerous uses of AI, the biggest companies spearheading AI development including Google, Meta, Microsoft, OpenAI and Inflection have agreed on a list of eight voluntary commitments, with the ultimate goal of meliorating safety and usage of AI tools.
Read More