Cyber Resilience – Performing Asset Inventories

Conducting asset inventories is one of the foundational first steps in setting up a cyber risk management strategy. Since you cannot defend or secure what you do not know you have, performing asset inventories to gain network visibility is critical for all organizations large and small. Despite the overwhelming benefits of performing asset inventories, a recent report from the cybersecurity firm CYREBRO found that many organizations lack full network visibility. Network visibility is a clear awareness of the components, devices, servers, and data that make up a company’s network. Without network visibility, threat actors are more likely to move undetected and laterally through a network, allowing them to deploy malware and conduct other malicious activity.

The key to gaining network visibility, as noted above, is to conduct asset inventories. In fact, WaterISAC’s number one fundamental from its 15 Cybersecurity Fundamentals for Water and Wastewater Utilities is to Perform Asset Inventories. An asset inventory involves compiling a database of an organization’s devices, data, processes, personnel and supporting infrastructure and dependencies to other systems, both OT and IT components should be included. Conducting a physical inspection of your asset inventory is also a key requirement. Additionally, an asset inventory can help organizations identify exposed ports and services, servers, and outdated and end-of-life systems and applications. Finally, data collected during an asset inventory greatly helps companies when they are responding to a cyber incident. The CYREBRO report found that organizations lacking network visibility were more likely to be attacked and when they were attacked, the impact tended to be more severe. Read more at ThreatPost.