#4 CASE STUDY - NO INVENTORIES

NO INVENTORIES

“I don’t think we are using this application anymore?”

 

COMPANY

  • Sector: Construction

  • Size: 1-10 employees

  • Location: Wallonia

 

FACTS & FIGURES

23 out 24 were affected

  • Protection efforts: Low

  • Business Impact: Medium

 

CONTEXT

During our security assessment in a construction company with 9 employees, we asked for a list of their assets. The company was not able to list their assets and software and did not have any centralized list.  We have seen that almost none of the SME companies, where we conducted a cybersecurity macro-assessment had a clear view on their IT infrastructure.

 

INCIDENT OVERVIEW

During the workshops of the SPF trajectory, we asked for inventories of IT assets there was no formalized list made up. It is important to know what you have, to know what to secure. It is also an essential part of each cyberframework including CyFun, CIS and NIST.

 

BUSINESS IMPACT

To effectively safeguard an IT infrastructure, it is crucial to possess a comprehensive understanding of the devices, software, and data you employ. Familiarizing yourself with these components is vital as it establishes the foundation for protecting and securing your system effectively.

The absence of a comprehensive inventory of IT assets can present various challenges for businesses:

  • Operational Inefficiency: Without proper inventory management, organizations may struggle with inefficient use of technological resources.

  • Increased Vulnerability: Lack of visibility into assets can make them more susceptible to breaches and security threats.

  • Compliance Challenges: Many cybersecurity frameworks require organizations to maintain clear inventories of IT assets to ensure compliance.

  • Additional Costs: Inefficient management and security vulnerabilities may lead to additional costs for organizations.

SECURITY MEASURES

Creating an inventory of assets, software, and data is an essential step in managing IT resources effectively, whether they're on-premises or in the cloud. Having a clear inventory helps organizations to know what to secure, keep track of their IT resources, use them efficiently, and ensure compliance with regulations. It's a simple yet crucial measure for maintaining control and security over technology resources.

This process involves making comprehensive lists of all:

  • Hardware

  • Software

  • Data

  • Virtual servers

  • Other services

RESOURCES


 

Ready to strengthen your cybersecurity?

Contact us today to discuss how Cresco's services can help your organisation can protect and secure your organisation.