Poor security governance that fails to adequately assess and manage the full IT estate leaves IT 'blind' when major issues are uncovered, such as the Heartbleed flaw that appeared in April.
This is the view of Martin Borrett, director of the IBM Institute of Advanced Security Europe, who told V3 that firms often fail to understand the scope of their security requirements.
“When I look at Heartbleed it makes me reflect how important it is to have a well thought through incident response plan – being prepared to respond to the discovery of vulnerabilities in a timely and appropriate way,” he said.
“In order to do that you need to understand your assets, systems, services and have control of them so you know the scope of a vulnerability issue and how to deal with it.”
But this is often not the case, with companies unaware of the extent of their IT estates and what needs to be fixed in the aftermath of a new vulnerability coming to light. Borrett said there are usually two main issues that cause this.
“We see a number of mergers and acquisitions within organisations so their estate grows and sometimes those estates – the ones being acquired – don’t have the level of maturity of other parts of the organisations, so I think that’s a challenge people need to address,” he said.
“The other issue is IT sprawl. As people become more reliant on distributed systems and there are more mobiles in organisations it challenges basic service management principles.”
This was a point emphasised in a recent IBM Trusteer X-Force Threat Report, which noted that the organisations most at risk from Heartbleed were those that did not have an up-to-date IT asset database.
“Organisations that had struggled to maintain a current asset database were left blind to which systems were vulnerable and which systems were critical. Even if they had an incident-response plan, they needed an up-to-date asset database in order to deploy it,” the report said.
“On the other hand, companies that had maintained their asset database and incident response plan were able to rapidly deploy patches on critical systems vulnerable to attack, thereby reducing their exposure to Heartbleed. They also face significantly less risk for threats in the future.”
The report also noted that, despite Heartbleed being almost six months old, IBM's Managed Security Services (MSS) division still witnesses around 7,000 attacks every day that try to use the Heartbleed flaw to penetrate firms' systems.
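The report's point that an incident response plan cannot be deployed without a current asset database is illustrated by this added example, which is not from the article or from IBM. It assumes a hypothetical, constructed inventory in which each asset records its OpenSSL version and criticality, and uses the public fact that CVE-2014-0160 affects the OpenSSL 1.0.1 line up to and including 1.0.1f (fixed in 1.0.1g); hosts with no recorded version are the "blind" systems the report describes.

```python
import re

# Constructed sample asset inventory (hypothetical hosts, not from the article).
# These are the fields an asset database must hold to scope Heartbleed at all.
INVENTORY = [
    {"host": "web-01", "openssl": "1.0.1e", "critical": True},
    {"host": "web-02", "openssl": "1.0.1g", "critical": True},
    {"host": "db-01", "openssl": "0.9.8y", "critical": True},
    {"host": "dev-03", "openssl": "1.0.1f", "critical": False},
    {"host": "legacy-07", "openssl": None, "critical": False},
]

# Release versions look like 1.0.1e; the trailing letter is the patch level.
# 1.0.2-beta builds (also affected) use a different format and are not handled here.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def parse_openssl_version(text):
    """Split '1.0.1e' into ((1, 0, 1), 'e'); an empty letter is the base release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def heartbleed_affected(text):
    """True for 1.0.1 through 1.0.1f; 1.0.1g carries the fix, and the
    1.0.0 and 0.9.8 lines never contained the vulnerable heartbeat code."""
    release, letter = parse_openssl_version(text)
    return release == (1, 0, 1) and letter <= "f"


def scope_exposure(inventory):
    """Return (patch_first, patch_next, unknown): critical vulnerable hosts,
    non-critical vulnerable hosts, and hosts whose version is not recorded."""
    patch_first, patch_next, unknown = [], [], []
    for asset in inventory:
        if not asset["openssl"]:
            unknown.append(asset["host"])  # blind spot: cannot be scoped
        elif heartbleed_affected(asset["openssl"]):
            (patch_first if asset["critical"] else patch_next).append(asset["host"])
    return patch_first, patch_next, unknown


if __name__ == "__main__":
    first, nxt, unknown = scope_exposure(INVENTORY)
    print("patch first:", first)
    print("patch next:", nxt)
    print("unknown version, investigate:", unknown)
```

The `unknown` list is the governance gap: without a recorded version the host can be neither cleared nor prioritised.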
Summing up, Borrett said that there was no quick fix to any of these issues: “You need to have constant vigilance – that’s a phrase I use a lot – and that in turn reinforces the need for good governance and the need for preparedness. I think those three qualities are vital.”
The warnings are especially noteworthy after recent research into Heartbleed found that the first attacks exploiting the issue occurred less than 24 hours after it was announced, underlining the speed with which crooks rush to exploit newly disclosed flaws.