Every day, new streams of information flow into corporations, powering up-to-the-minute analysis and smarter decisions around data protection. Employees, customers and contractors are all connected as never before, across a multitude of technologies. Yet these sprawling and overlapping networks pose daunting security challenges.

To face these growing challenges, corporations require a new breed of security leader. Naturally, security leaders must be attuned to countless technology threats, but also to strategic issues.

The question becomes is strong security even possible in a hyper-connected era? The answer is yes, but it requires fundamental changes in processes and attitudes.

For the past two years, hundreds of IBM security researchers, developers and analysts have committed their expertise to understand the anatomy of modern threats and help design unique defenses and analytics that can stop attacks—in some cases, before they begin.

Digital intruders target strategic assets, government ministries to communications networks. In a recent study on the cost of a data breach from the Ponemon Institute:

  • 42% of incidents involved a malicious or criminal attack
  • 30% concerned a negligent employee or contractor (human factor)
  • 29% involved system glitches that includes both IT and business process failures

Beyond a cyber attack’s impact on consumers, an organization’s critical data, or its “Crown Jewels,” are its lifeblood. This data includes intellectual property (IP) as well as source code, formulas, customer data such and credit card information and more.

Despite the importance and value of this data, many organizations are not aware of what their Crown Jewel information is, where it resides, who has access to it, or how it is protected. In many instances this data is being stored unstructured data stores such as email, making it more susceptible to theft. In fact, it can take days or more to discover in 95 percent of cases, and weeks or more to contain in more than 90 percent of cases, a lag that can have a catastrophic impact on a business.

Data protection is dependent upon having access to vital information in order to apply proper controls. Possessing information about Crown Jewels is necessary in order to determine whether adequate controls are in place. Each enterprise should carry out an inventory, with the critical data getting special treatment. Each priority item should be guarded, tracked, and encrypted as if the company’s survival hinged on it. In some cases it may.

A comprehensive critical data protection program does the following:

  • DEFINE your critical data assets
  • DISCOVER critical data security environment
  • BASELINE critical data security processes and controls
  • SECURE critical data
  • MONITOR with proper governance and metrics

As the intensity of the threat landscape increases every year, organizations are looking for new ways to reduce security complexity and confidently embrace the opportunities offered by changes in online commerce, mobile proliferation and cloud adoption.

Early detection and rapid response are the best defense against rising cyber threats and sophisticated attacks. A strong security posture and having the right safeguards in place is what results in the greatest decrease in the cost of data breach for your organization.

More from CISO

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…

Laid Off by Big Tech? Cybersecurity is a Smart Career Move

Big technology companies are laying off staff as market conditions change. The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years. As noted by Stanford…