May 5, 2014 By Kris Lovejoy 2 min read

Every day, new streams of information flow into corporations, powering up-to-the-minute analysis and smarter decisions around data protection. Employees, customers and contractors are all connected as never before, across a multitude of technologies. Yet these sprawling and overlapping networks pose daunting security challenges.

To face these growing challenges, corporations require a new breed of security leader. Naturally, security leaders must be attuned to countless technology threats, but also to strategic issues.

The question becomes is strong security even possible in a hyper-connected era? The answer is yes, but it requires fundamental changes in processes and attitudes.

For the past two years, hundreds of IBM security researchers, developers and analysts have committed their expertise to understand the anatomy of modern threats and help design unique defenses and analytics that can stop attacks—in some cases, before they begin.

Digital intruders target strategic assets, government ministries to communications networks. In a recent study on the cost of a data breach from the Ponemon Institute:

  • 42% of incidents involved a malicious or criminal attack
  • 30% concerned a negligent employee or contractor (human factor)
  • 29% involved system glitches that includes both IT and business process failures

Beyond a cyber attack’s impact on consumers, an organization’s critical data, or its “Crown Jewels,” are its lifeblood. This data includes intellectual property (IP) as well as source code, formulas, customer data such and credit card information and more.

Despite the importance and value of this data, many organizations are not aware of what their Crown Jewel information is, where it resides, who has access to it, or how it is protected. In many instances this data is being stored unstructured data stores such as email, making it more susceptible to theft. In fact, it can take days or more to discover in 95 percent of cases, and weeks or more to contain in more than 90 percent of cases, a lag that can have a catastrophic impact on a business.

Data protection is dependent upon having access to vital information in order to apply proper controls. Possessing information about Crown Jewels is necessary in order to determine whether adequate controls are in place. Each enterprise should carry out an inventory, with the critical data getting special treatment. Each priority item should be guarded, tracked, and encrypted as if the company’s survival hinged on it. In some cases it may.

A comprehensive critical data protection program does the following:

  • DEFINE your critical data assets
  • DISCOVER critical data security environment
  • BASELINE critical data security processes and controls
  • SECURE critical data
  • MONITOR with proper governance and metrics

As the intensity of the threat landscape increases every year, organizations are looking for new ways to reduce security complexity and confidently embrace the opportunities offered by changes in online commerce, mobile proliferation and cloud adoption.

Early detection and rapid response are the best defense against rising cyber threats and sophisticated attacks. A strong security posture and having the right safeguards in place is what results in the greatest decrease in the cost of data breach for your organization.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today