Data is one of the most important resources organizations have, but it’s challenging to protect.
Cybersecurity-related data is everywhere in an organization: the devices, cloud services, software, and users. Having all of these assets expands the attack surface for threat actors to target and increases the risk and cost for an organization.
The global average total cost of a data breach reached $4.35 million in 2022, an all-time high, according to IBM’s “Cost of a Data Breach Report 2022.” That cost has steadily increased since 2020, when it was $3.86 million.
Other findings of that report include:
- 83% of organizations studied had more than one data breach.
- 79% of critical infrastructure organizations (e.g., financial services, energy, healthcare) didn’t deploy a zero trust architecture.
- 277 days is the average time to identify and contain a data breach in 2022, down from 287 days in 2021.
For IT and cybersecurity teams, figuring out what security solutions to use and understanding their organization’s attack surface add even more complexity to protecting their data.
“There’s so much noise,” said Dante Richardson, security delivery associate director at Accenture, during the Axonius webinar, “CISO Insights: How to Understand Impact Through Asset Management and Threat Intelligence.” “We're losing ground on just the actual ability to get the easy things that we should have been able to catch before, whether it is a simple server or a simple access that someone has.”
“There's a subscription to everything. I can get a Netflix account. I can get a Hulu account. I can get an HBO Max account,” he explained. “The same thing applies to all those security tools out there, too. A lot of times, I'm working with clients where they have the same tool in different departments. They have a Splunk instance here, a Splunk instance there, but none of that data is always coming together. And they have all this data noise in their day-to-day that doesn't really tell them any contextual information about what is the actual impact of this thing being compromised in [their] environment.”
Connecting data and threat intelligence
All this noise puts more pressure on IT and cybersecurity teams.
Knowing what’s happening with every asset is an important function for these teams. But it’s difficult if teams like incident response, the security operations center, and risk management can’t work together or share data to get a clear view of what’s happening, or even of how everything is, or isn’t, working together.
This is even harder for these teams if they’re manually compiling asset inventories. Due to the constant changes in cybersecurity environments, the results are unfortunately already obsolete by the time an inventory is complete.
All this complexity makes it challenging for IT and cybersecurity professionals to truly understand the threat surface they need to protect.
For Richardson, the key is turning data into information so organizations will have threat intelligence.
“What are the threats that are associated internally … and externally?” he said. “But then you have those actors, those key things, those key people, the techniques and procedures that we all get information about. And then you have your known vulnerabilities. What are the vulnerabilities that those actors can use to actually exploit my system from an external and internal perspective? Because I may have cases in which my internal team may not know that they are working with something that has a vulnerability associated with it. Just that little thing can be a key entry point to have that actor get into your system and immediately have access to a lot of your infrastructure.”
“So making sure that you have the proper intelligence, all the information sets, and the data points associated with it can help you make that proper decision and lower the amount of decisions that you have to make,” Richardson added.
Finding clarity in your data
How can IT and security teams truly understand what’s happening in their organization’s IT environment?
This is where cybersecurity asset management plays a key role.
Cybersecurity asset management solutions track all devices, cloud services, software, and users, regardless of where they’re located or their uptime or power state. The best solutions do this by leveraging an organization’s existing data. These solutions provide a continuous, up-to-date inventory in real time, so IT and cybersecurity teams can automatically uncover and remediate security gaps when an asset or user deviates from policies.
The top solutions automatically take all these actions in the background, freeing these teams from the repetitive, manual tasks involved in asset inventory so they can be more proactive. Through a cybersecurity asset management solution, they can control the complexity that comes with managing and protecting their environments and be more effective in mitigating threats, navigating risk, and decreasing incidents.