With the passing of the Jubilee, all eyes have been on the Queen and the Royal Family.
The festivities draw attention to all things monarchy, including the Queen’s crown jewels. Protected by world-class security systems, state-of-the-art CCTV and numerous guards (including ex-military personnel), the crown jewels are among the most protected artefacts in the world. You may be thinking, how is this related to cybersecurity?
Funnily enough, this serves as a good parallel between the physical crown jewels and the digital ones stored within all organisations around the globe. In our age of continuously evolving cyber-attacks and threat-vectors, a company’s crown jewels are not only incredibly valuable but also extremely vulnerable and, as such, must be protected around the clock. Any misuse, theft or damage to these types of assets can immensely damage an organisation’s brand image, reputation and even shareholder value, not to mention the disruption to business.
What are an organisation’s crown jewels and why are they important?
An organisation’s crown jewels are typically the most valuable data existing on systems, any intellectual property (IP) as well as any trade secrets that form a business’s identity.
A good way to judge whether or not something is a crown jewel is to assess whether an attack on that specific asset would bring the business to a halt. Examples of these include personnel information, systems that store and process staff information and CRM or customer relationship management systems.
While the crown jewels may only represent approximately 2% of a business’s intellectual property or data, they often dominate around 70-80% of that organisation’s brand value.
Identifying an organisation’s crown jewels
Identifying crown jewels is a critical process in developing any kind of breach-readiness or robust cybersecurity culture.
Security teams can perform crown jewels assessments to help their organisation prioritise security efforts and align their investments accordingly. In this way, they can avoid wasting valuable funds. There are 5 important steps they can take:
- Define – First, determine the objectives for data protection and develop an organisation data model.
- Discover – Next, IT teams must be able to understand the data lifecycle/environment and identify areas of critical data storage, traffic and access.
- Baseline – Afterwards, they must establish the baseline requirements and assess any current controls to identify gaps and determine solutions.
- Secure – Penultimately, it’s vital to plan and prioritise the technical and business process transformations, as well as to design and implement solutions that are able to protect all critical data.
- Monitor – The final step is to determine the metrics and process for monitoring, response and communications. Here it’s crucial to constantly re-evaluate and improve the programme effectiveness.
How to protect the crown jewels
This is where the parallel to the Queen’s jewels comes in. Even if a potential thief were to make it past initial defences and CCTV hidden in the Tower of London, there is another layer of security around each corner, making it practically impossible to steal the jewels. This is exactly the type of approach organisations should be taking when implementing defence layers around their most valuable assets and data.
Identifying the crown jewels is the first step, which can be done by following the 5 steps outlined above. Following this, it’s vital to perform an audit (whether internal or external) and analyse the level of security surrounding valuable assets. Where do gaps exist and how can these be bridged?
Another important factor is completing a budgetary analysis, in order to determine the annual spend on cybersecurity and how this is being allocated. Many organisations find their cybersecurity spend increasing while their protection level remains the same, leaving vital assets immensely vulnerable. By performing a budgetary analysis, organisations can re-evaluate their spending and make sure none of it is going to waste on solutions that aren’t providing sufficient protection.
Finally, there must be constant monitoring of the crown jewels, particularly those that reside with third parties or cloud platforms. These must be just as secure as those used for assets within the business. Threat-actors often use third parties as a gateway into larger organisations, knowing they don’t always receive the same level of security.
Despite cybersecurity spending having increased on average as a result of the pandemic, the growing adoption of the cloud and the increase in remote work have intensified the challenges facing security teams. When it comes to security, an organisation’s priority must always be protecting its crown jewels, because any misuse or damage to these could mean a shut-down of entire business operations and damage to reputation. By identifying the crown jewels and understanding all possible attack paths that could be used by threat-actors to move laterally, organisations can allocate their spending more wisely and drastically improve their security.
About the Author
Jon Andrews is VP of EMEA at Gurucul. Gurucul is transforming enterprise security with user behavior based machine learning and predictive analytics. Using identity to monitor for threats, Gurucul provides Actionable Risk Intelligence™ to protect against targeted and under-the-radar attacks. Gurucul is able to proactively detect, prevent, and deter advanced insider threats, fraud and external threats to system accounts and devices using self-learning, behavioral anomaly detection algorithms.