Cyber attacks are rising sharply in the public sector, with the number of attacks targeting government agencies seeing a staggering 95 percent increase in 2022 compared to the previous year. Last year, ransomware attacks affected 106 state or local agencies — a significant increase from the 77 attacks in 2021.
From a ransomware attack that forced the city of Dallas to take servers offline to the cyber attack that impacted 55 counties across Arkansas, attacks targeting government entities seem to grace news headlines with increasing frequency.
In the public sector, accelerated digitization, underfunded security teams, and increased hybrid and remote work have converged to create a perfect storm for cyber criminals. As agencies deploy more endpoint devices and applications, unmonitored assets are an easy attack vector for threat actors.
As a result, asset management — a function once squarely in the domain of IT operations — is now a critical component of cybersecurity risk management. And to support their asset management needs, state and local agencies are increasingly turning to Cyber Asset Attack Surface Management (CAASM).
THE PROBLEM WITH TRADITIONAL IT ASSET MANAGEMENT
To manage and respond to cyber risks, IT and security teams need a comprehensive view of the entire attack surface. But identifying and managing all of an organization's information assets is increasingly difficult in today’s IT landscape.
Here’s why: When new assets are constantly being spun up and spun down, it’s hard to track asset ownership. This creates confusion around who is ensuring adherence to asset control policies and procedures, leaving security gaps ripe for cyber criminals to exploit. For many agencies, where “do more with less” is the rule rather than the exception, limited resources also make asset inventorying a time-consuming, if not impossible, undertaking.
While there are many ways to implement asset management, all with varying levels of sophistication and effectiveness — from Excel spreadsheets to agent-based and scanner-based discovery tools — none provide the asset visibility afforded by CAASM solutions. Since CAASM tools use API integrations to connect with existing data sources, they can automatically find cyber assets, validate security controls and remediate issues.
Traditional approaches to IT asset management also create gaps that bring into question data accuracy and completeness. Unlike CAASM solutions, traditional asset management tools only utilize one data source for asset information — rather than bringing together all data sources for a unified view.
THREE WAYS TO IMPROVE ASSET VISIBILITY AND MANAGEMENT
So, what asset management strategies are forward-thinking agencies pursuing to overcome these challenges, gain asset visibility and strengthen their overall security posture?
Here are three best practices to guide your approach to asset management:
- Increase automation
Automating the asset inventory process is essential to improving asset visibility. Consider replacing manual, outdated processes with cybersecurity asset management tools that provide a continuous, up-to-date inventory in real time. An agentless, API-based approach can help you automatically take in metadata from every vantage point — without sacrificing performance or creating latency. - Improve correlation
To streamline device management and de-duplicate resources, IT teams can choose from a number of device correlation techniques. A CAASM tool that collects and correlates data from hundreds of sources can also provide comprehensive asset visibility into complex environments. - Identify coverage gaps
Security coverage gaps occur when security controls — such as endpoint protection, encryption or vulnerability assessment — don’t exist on devices where they should be deployed. By ensuring your entire asset inventory connects to security controls, you can continuously surface coverage gaps and automate actions when they’re found.
REAPING THE BENEFITS OF CAASM
An increasingly critical tool for agencies that need to safeguard the municipality's staff, citizens and operations from growing cybersecurity threats, CAASM tools help IT and security teams:
Boost visibility
By connecting to hundreds of security and management solutions, CAASM tools allow agencies to achieve a single system of record for all infrastructure. Tools like Axonius collect data from all relevant data sources — at customer-defined fetch intervals — to ensure asset data is comprehensive and timely. For example, the city of Los Angeles uses Axonius to gain a complete, up-to-date asset inventory, helping them enhance visibility into their endpoints and attack surface.
Capture insights
CAASM solutions allow agencies to ask questions that span all data sources. This includes basic inventory questions like, “How many Windows devices do I have?” to more in-depth and complex queries like, “Which of my Windows 10 devices running a vulnerable version of Chrome have an EDR agent installed but aren’t functioning?” With the ability to run granular queries, IT teams can quickly validate policy adherence.
Adhere to regulations
With a comprehensive inventory of all assets — combined with queries to understand how assets either adhere to or deviate from policy — agencies experience fewer manual audits and improved compliance reporting. This helps teams automatically satisfy audits and map to regulations like BOD 23-01 and BOD 23-02.
Facilitate collaboration
With IT and security teams often using separate tools in their day-to-day operations, they’re looking at the asset environment through the lens of different data. By integrating data from multiple sources into a single consolidated view, teams can operate from the same normalized data set. With a single source of truth, security control coverage gaps are minimized and asset ownership is clear.
Cyber resilience starts with CAASM
Cyber attacks will only continue to grow in number and sophistication, and state and local governments will remain a prime target. Building an effective defense against these cyber threats starts with a solid foundation. Once an accurate, comprehensive asset inventory is in place, IT and security teams can then effectively enhance areas like incident response and vulnerability management. With a cybersecurity asset management strategy powered by CAASM, government agencies can fortify their defenses and protect vital citizen services in today’s evolving risk landscape.
