Protecting the Crown Jewels
Protecting the Crown Jewels
Despite the importance and value of critical enterprise data, many organisations are not aware of what their ‘crown jewels' information is, where it resides, who has access to it, or how it is protected, making it more difficult to monitor and protect. In more than 90 percent of cases, data loss can take days or more to discover and weeks or more to contain, a lag that can have a catastrophic impact on a business.
Many of these critical data assets are being stored in multiple unstructured data stores, including the cloud and other ‘shadow IT' repositories, such as personal email. Typically, people, rather than technology, are the weak links and those board directors may read, edit and store ‘crown jewel' information on their mobile, tablet or other device outside the corporate infrastructure.
When valuable data is stolen, the damage to a business can be significant. According to the Ponemon's annual Cost of a Data Breach Report sponsored by IBM,
the average cost for each lost or stolen record containing sensitive and confidential information increased from £118 to £126. Beyond monetary costs, consider the detrimental effects of a company's reputation, revenue, customer loyalty and trust when breaches occur. In fact, when a brand's crown jewels of information are stolen, the damage can be irreparable.
Every organisation needs to identify data that represents its crown jewels, ranking potential threats, analysing business processes, mapping information flows, monitoring access, and ensuring that adequate controls are in place to protect that information. This process must include assessing key employees with a stake in the crown jewels of an organisation, along with identifying early warning signals of possible threat activity.
By using this process, a CISO can design and implement solutions that address security gaps, electronically tag and label data, and create control points for monitoring and enforcement. Such a process will identify potential threats to crown jewels and provide early warning alerts of possible threat activity.
Every CISO also must conduct operational support and programme revalidation that monitors the crown jewel protection processes. This ensures continued improvement and allows the protection of critical data to evolve and adapt to changes in business needs.
There were many lessons learned from the Heartbleed attacks where just one day after the disclosure, IBM Managed Security Services (MSS) witnessed a 24-hour spike of 300,000 attacks across customer networks. We found that having an incident response plan and maintaining an asset database were both absolutely critical to reducing exposure to the attacks.
Organisations that had struggled to maintain a current asset database were left blind to which systems were vulnerable and which systems were critical. Even if they had an incident response plan, they needed an up-to-date asset database in order to deploy it.
On the other hand, companies that had maintained their asset database and incident response plan were able to rapidly deploy patches on critical systems vulnerable to attack, thereby reducing their exposure to Heartbleed. They also face significantly less risk for threats in the future.
Security threats continue to grow in volume, complexity, and stealth and only by applying a full lifecycle of data security can organisations protect the crown jewels and secure profitability, competitive position and reputation.