Cybersecurity’s B.I.G. Problem: Bad ITAD Governance

The BIG Problem in Cybersecurity

What is Cybersecurity’s B.I.G. Problem?

Cybersecurity professionals are constantly battling an evolving landscape of threats, from malware attacks to security misconfigurations. But there’s another major issue they might be overlooking: Bad ITAD Governance, or what we’ll call the “BIG Problem” for short.

What is IT Asset Disposition (ITAD)?

ITAD refers to the secure disposal of used IT equipment at the end of its lifecycle. Regulations require companies to meticulously track IT assets from purchase to disposal. However, many organizations struggle to account for up to 20% of their hardware.

Why is Bad ITAD a Cybersecurity Risk?

The US Securities and Exchange Commission (SEC) recently classified ITAD as a cybersecurity risk due to concerning practices they discovered.

The crux of the BIG Problem lies in traditional ITAD governance. Here’s how it plays out: The same team responsible for tracking IT assets (IT Asset Management – ITAM) also handles their disposal. This creates a conflict of interest. Missing assets are often simply assumed to be retired, and the burden of verification falls on the ITAD vendor. These vendors, with no incentive to report discrepancies, simply move on.

Why Don’t People Speak Up?

Fear of blame and a natural aversion to self-reporting negative information discourage both ITAM and ITAD vendors from raising red flags about missing assets.

The Consequences of Ignoring the Cybersecurity BIG Problem:

Missing IT assets, especially those containing sensitive data, become a security risk. Management might be hesitant to address non-compliant ITAD practices for fear of uncovering complex and expensive problems, creating an inherent conflict of interest. Cybersecurity professionals must be aware of this issue and integrate ITAD into their overall strategy.

What’s the Solution?

  • Segregation of Duties (SOD): Separate teams should handle IT asset tracking and disposal to avoid conflicts.
  • Effective ITAM: Implement proper tracking from acquisition to disposal to minimize missing assets.
  • Effective ITAD Management: Implement essential safeguards such as disposal tags and equipment verification holds to ensure compliant and secure IT asset disposal.

Key Takeaways:

  • Non-compliant ITAD practices expose organizations to cybersecurity risks, regulatory fines, and lawsuits.
  • Implementing segregation of duties, disposal tags, and equipment verification holds can significantly improve ITAD security.
  • By integrating ITAD into their strategies, cybersecurity professionals can address a major blind spot.

Taking Action:

Don’t let Bad ITAD Governance become a time bomb for your organization. Take action today by implementing the solutions outlined above. Prioritizing secure and compliant ITAD can significantly strengthen your cybersecurity posture.

Schedule a call today to learn how.
