The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

TalkTalk shares down 9% after cyber attack – could ITAM help with Cyber Security?

200px-TalkTalk_logo.svgDido Harding, the CEO of publicly listed Telco TalkTalk, faces the grim prospect of her company’s reputation and share price taking a nosedive today.

The share price (at time of writing) is down 9% and the BBC report that TalkTalk customers are likely to be ‘vulnerable and panicky’.

An unverified statement via Business Insider suggests ‘Russian Jihadist hackers’ are behind the attack that is said to have revealed the names, addresses, date of birth, email addresses, telephone numbers, credit card information and TalkTalk account information for 4 million UK customers.

Whilst you would have thought the financial information of customers, at the very least, would be encrypted, this leaves 4 million customers open to email or phone based scams.

Can ITAM help with Cyber Security?

I believe ITAM has a role to play in the defence against Cyber security attacks and should be considered part of the info security toolkit alongside traditional staples like intrusion detection and anti-virus/malware detection.

As IT Asset Management professionals, especially those of us with accurate verified inventory, we work with extremely valuable data to help prevent such attacks. For those of you just starting out – the value add to security should be integral to your business plan.

I was speaking with Sumin Tchen of Belarc at our Microsoft Licensing seminar in New York this week.

Belarc have Federal Aviation Administration, NASA, U.S. Air Force, U.S. Army, U.S. Marine Corps and U.S. Navy as customers so Sumin is acutely aware of the role of ITAM in highlighting security risks.

Sumin suggested ITAM professionals with leading ITAM practices can help security with the following data:

  • Via versions – which applications or operating systems are unpatched (think about IE, Flash, Java, Windows OS)
  • Which software is out of date? (Such as ActiveX, OpenSSL)
  • What unauthorized machines or storage devices exist?
  • What is the encryption status of devices?
  • Are all devices covered by anti-virus? Is it being updated?
  • Is the integrity of installed software known? i.e. is that copy of Microsoft Excel ACTUALLY Microsoft Excel?

If you know of any other areas where ITAM professionals can help with security please post them below or contact us. Thanks, Martin

About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource for worldwide ITAM professionals. The ITAM Review is best known for its weekly newsletter of all the latest industry updates, LISA training platform, Excellence Awards and conferences in UK, USA and Australia.

Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.

He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.

Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).

When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.

Connect with Martin on LinkedIn.

One Comment

  1. Peter Beruk says:

    Yes, ITAM can and will help on Cyber Security. Unpatched software will not have the latest security updates – leading hackers to infiltrate organizations via malware.

    While it is too early to cite the underlying cause of this recent attack, organizations should use this event as a clear message to have robust ITAM policies in place which will reduce these threats.

Leave a Comment