IT and operational technology (OT) devices are increasing in number, diversity, and geographical spread at many organisations. This infrastructure is integral to the productivity and competitiveness of these organisations, but in turn generate issues for management teams. Proper and secure asset management must be visible, up to date, and operate without introducing friction into the environment.
Computing's latest research on this subject, conducted in partnership with Armis, surveyed decision-makers responsible for handling IT/OT infrastructure within medium-sized enterprises. It reveals subpar monitoring of assets and a proliferation of unmanaged and off-network devices.
Out of date, out of sight, out of control
Only 34 per cent of respondents said they have an accurate and up-to-date Asset Management Database of their IT, Internet of Things (IoT), OT, Industrial Internet of Things (IIoT) and mobile devices. Three quarters of those surveyed reported they expect the challenge of managing this network to increase at least to some extent, with 34 per cent expecting it to increase greatly. Considering this expectation, it is worrying that current asset management systems are not entirely accurate or up to date. Organisations may see themselves as lagging and compromised because of their lack of asset management capabilities.
Keeping devices updated, secure, and performant are all connected issues that impact each other. Equipment running on outdated software will not be as secure and will have a detrimental impact on performance. These issues create security weaknesses and productivity disturbances. 69 per cent of respondents said they foresee difficulty managing updates in the coming years, posing a real risk to their organisation's security and performance.
Respondents identified unified visibility and control of IT and OT assets as essential, and while interest was almost universal, only 22 per cent have implemented this across managed and unmanaged devices within their infrastructure. Organisations have severely compromised visibility of their managed assets, seriously harming security. Just 44 per cent said they have insight into all network connections in their infrastructure and how that traffic flows, and only 40 per cent said all devices on their network, including OT and Industrial control systems (ICS), have been identified. These findings reveal the majority of organisations are fighting to maintain even partial visibility of their IT and OT assets. Partial visibility is not enough to mitigate cybersecurity risks.
Cyber risk is financial risk
The research also found 85 per cent at least somewhat agree that ineffective remote IT/OT management presents a cyber security risk to organisations. Ransomware moves laterally through networks, often compromising backups before victims are cognisant. Cybercriminals are exploiting mismanaged asset visibility - fertile ground that is constantly growing.
72 per cent said their organisation experiences cyberattacks against their IT/OT/IoT environment at least monthly, with 32 per cent reporting it as a daily occurrence. Alarmingly, 13 per cent did not know the frequency of attacks targeting their organisation. Clearly, there is a lack of discernible assets and attacks.
Computing's research reveals enterprises must get on top of their ever-growing pile of assets. Increasing infrastructure sprawl generates management challenges that must be recognised by IT leaders. Currently, they are being hampered by poor visibility, placing a serious risk on their organisations' security, financial, and reputational standings.
Cyber-savvy criminals are taking advantage of obscured asset visibility, slowness to update systems, and lack of network segregation. Enterprises must have a centralised view of their technology assets in order to compete in the digital economy and sustain secure connections. The cost of not monitoring, patching, and supporting services can be the difference between data security and data breach.
This post was funded by Armis.
