NO INVENTORIES
“I don’t think we are using this application anymore?”
COMPANY
Sector: Construction
Size: 1-10 employees
Location: Wallonia
FACTS & FIGURES
23 out 24 were affected
Protection efforts: Low
Business Impact: Medium
CONTEXT
During our security assessment in a construction company with 9 employees, we asked for a list of their assets. The company was not able to list their assets and software and did not have any centralized list. We have seen that almost none of the SME companies, where we conducted a cybersecurity macro-assessment had a clear view on their IT infrastructure.
INCIDENT OVERVIEW
During the workshops of the SPF trajectory, we asked for inventories of IT assets there was no formalized list made up. It is important to know what you have, to know what to secure. It is also an essential part of each cyberframework including CyFun, CIS and NIST.
BUSINESS IMPACT
To effectively safeguard an IT infrastructure, it is crucial to possess a comprehensive understanding of the devices, software, and data you employ. Familiarizing yourself with these components is vital as it establishes the foundation for protecting and securing your system effectively.
The absence of a comprehensive inventory of IT assets can present various challenges for businesses:
Operational Inefficiency: Without proper inventory management, organizations may struggle with inefficient use of technological resources.
Increased Vulnerability: Lack of visibility into assets can make them more susceptible to breaches and security threats.
Compliance Challenges: Many cybersecurity frameworks require organizations to maintain clear inventories of IT assets to ensure compliance.
Additional Costs: Inefficient management and security vulnerabilities may lead to additional costs for organizations.
SECURITY MEASURES
Creating an inventory of assets, software, and data is an essential step in managing IT resources effectively, whether they're on-premises or in the cloud. Having a clear inventory helps organizations to know what to secure, keep track of their IT resources, use them efficiently, and ensure compliance with regulations. It's a simple yet crucial measure for maintaining control and security over technology resources.
This process involves making comprehensive lists of all:
Hardware
Software
Data
Virtual servers
Other services
RESOURCES
Inventory Spreadsheet: Link Inventory Spreadsheet
Free inventory tool: Link Inventory Tool