Every day, new streams of information flow into corporations, powering up-to-the-minute analysis and smarter decisions around data protection. Employees, customers and contractors are all connected as never before, across a multitude of technologies. Yet these sprawling and overlapping networks pose daunting security challenges.

To face these growing challenges, corporations require a new breed of security leader. Naturally, security leaders must be attuned to countless technology threats, but also to strategic issues.

The question becomes is strong security even possible in a hyper-connected era? The answer is yes, but it requires fundamental changes in processes and attitudes.

For the past two years, hundreds of IBM security researchers, developers and analysts have committed their expertise to understand the anatomy of modern threats and help design unique defenses and analytics that can stop attacks—in some cases, before they begin.

Digital intruders target strategic assets, government ministries to communications networks. In a recent study on the cost of a data breach from the Ponemon Institute:

  • 42% of incidents involved a malicious or criminal attack
  • 30% concerned a negligent employee or contractor (human factor)
  • 29% involved system glitches that includes both IT and business process failures

Beyond a cyber attack’s impact on consumers, an organization’s critical data, or its “Crown Jewels,” are its lifeblood. This data includes intellectual property (IP) as well as source code, formulas, customer data such and credit card information and more.

Despite the importance and value of this data, many organizations are not aware of what their Crown Jewel information is, where it resides, who has access to it, or how it is protected. In many instances this data is being stored unstructured data stores such as email, making it more susceptible to theft. In fact, it can take days or more to discover in 95 percent of cases, and weeks or more to contain in more than 90 percent of cases, a lag that can have a catastrophic impact on a business.

Data protection is dependent upon having access to vital information in order to apply proper controls. Possessing information about Crown Jewels is necessary in order to determine whether adequate controls are in place. Each enterprise should carry out an inventory, with the critical data getting special treatment. Each priority item should be guarded, tracked, and encrypted as if the company’s survival hinged on it. In some cases it may.

A comprehensive critical data protection program does the following:

  • DEFINE your critical data assets
  • DISCOVER critical data security environment
  • BASELINE critical data security processes and controls
  • SECURE critical data
  • MONITOR with proper governance and metrics

As the intensity of the threat landscape increases every year, organizations are looking for new ways to reduce security complexity and confidently embrace the opportunities offered by changes in online commerce, mobile proliferation and cloud adoption.

Early detection and rapid response are the best defense against rising cyber threats and sophisticated attacks. A strong security posture and having the right safeguards in place is what results in the greatest decrease in the cost of data breach for your organization.

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…