About 60% of leaks and 85% of breaches of computer networks are associated with unaccounted for in the inventory of digital assets, according to a study by Bi.Zone.
Most often, public cloud storages like Google Drive, DropBox and files in them, as well as services for organizing internal processes, fall out of sight of security services. They allow attackers to penetrate corporate networks and gain access to confidential information.
“Let’s say that the company had an information system (IS) A. Then it is changed to information system B. At the same time, no one disposes of the first IS, it remains. At the same time, she may have access to the Internet. Since system A stops even being updated, the risk of intruders entering through it increases, since they can take advantage of a vulnerability that the company forgot to close with an appropriate update, ”said Andrey Konusov, CEO of Avanpost.
According to him, there is also a risk that an employee of the company, who has not been working in it for a long time, can transfer access to the old system to the attackers. Such a key can allow obtaining data from both a compromised system and from others.
Digital assets often remain unaccounted for due to the high speed of business digitalization: local security services do not have time to keep track of new software, according to experts interviewed by Izvestia.
Read more in the exclusive material from Izvestia:
“Digital liabilities: most leaks and hacks are associated with forgotten software”