Verizon 2020 DBIR points to growing security risks from improper ITAM usage
Risks emanating from misconfiguration and other IT asset management (ITAM) errors are now among the fastest growing sources of security breaches. In particular, misconfiguration of hosts was identified by Verizon as the root cause of risk experiencing the most rapid growth according to the telecommunications company’s highly respected annual survey of data breaches.
Is your ITAM contributing to your risk of security breaches?
This leads to some questions, is your asset management a potential risk factor for your enterprise? How good a job is your IT team doing in making sure all assets are properly configured and managed? This is particularly relevant with widespread work-from-home and the soaring use of VPNs and home WiFi routers as primary access points to corporate networks. For their part, attackers have recognized this opportunity and are focusing on VPN vulnerabilities as a way to strike the soft underbelly of IT security and IT asset management.
In the 2020 Verizon Data Breach Investigations Report (DBIR), the fastest growing source of breaches was “misconfiguration”. In other words, human error. In fact, misconfiguration was the source of more than 20% of all breaches in the finance industry, the second highest source of breaches. With each breach costing on average $8.2 million, according to the IBM and Ponemon Institute “2019 Cost of Breach” analysis, misconfigurations can cost companies multiple millions per year.
Misconfigurations result from ITAM weaknesses
Configuration management resides in two locations inside IT. One is security teams managing configurations on security controls and networks. The other is IT teams managing configurations on specific assets. There is considerable overlap between these groups. While the security team may analyze vulnerability reports and run Breach-and-Attack Simulation efforts to proactively spot misconfigurations, IT teams handle patch management of devices, software and configurations for new hires.
The agility and competency of your ITAM system can play a critical role in reducing human errors that are the cause of most misconfiguration problems. If your ITAM systems are splintered, siloed or tend to have inaccurate information, then managing configurations effectively is nearly impossible. This is the status quo in many cases; few organizations have a global source of truth that reconciles PCs, Macs, smartphones and cloud infrastructure usage, and most have not even begun to address the risk associated with the expanded use of IoT devices. Yet all of these elements contribute to misconfiguration errors; VPNs are a juicy target, as are cloud storage buckets that are public-facing and may inadvertently be left wide open.
The four critical capabilities ITAM must deliver to mitigate misconfiguration risk
To help IT teams do a better job with the rote and repetitive drudgery of configuration management, we need integrated ITAM that can perform the following steps automatically as a workflow or as code:
- Validate that all exposed hosts across all assets are properly patched and encrypted
- Quickly identify hosts that are not
- Quickly notify the owners of those hosts as well as their managers (and in particular where the owner is a high security risk such as a company executive)
- Initiate automated workflows to remediate misconfigurations either by notifying a SIEM or SOAR system or through a ticketing integration (Jira, ZenDesk, ServiceNow)
In today’s threat environment, a static, legacy ITAM that has a limited or inaccurate view of the IT estate is a real liability. This type of old-style ITAM can undermine an enterprise’s well-designed security stance and cause manual errors by forcing humans to do jobs that are better suited to automated processes. The Verizon 2020 DBIR underscores the severity of this risk and elevates the question: can you afford to have an ITAM that doesn’t care about security?