Every day, new streams of information flow into corporations, powering up-to-the-minute analysis and smarter decisions around data protection. Employees, customers and contractors are all connected as never before, across a multitude of technologies. Yet these sprawling and overlapping networks pose daunting security challenges.
To face these growing challenges, corporations require a new breed of security leader. Naturally, security leaders must be attuned to countless technology threats, but also to strategic issues.
The question becomes is strong security even possible in a hyper-connected era? The answer is yes, but it requires fundamental changes in processes and attitudes.
For the past two years, hundreds of IBM security researchers, developers and analysts have committed their expertise to understand the anatomy of modern threats and help design unique defenses and analytics that can stop attacks—in some cases, before they begin.
Digital intruders target strategic assets, government ministries to communications networks. In a recent study on the cost of a data breach from the Ponemon Institute:
- 42% of incidents involved a malicious or criminal attack
- 30% concerned a negligent employee or contractor (human factor)
- 29% involved system glitches that includes both IT and business process failures
Beyond a cyber attack’s impact on consumers, an organization’s critical data, or its “Crown Jewels,” are its lifeblood. This data includes intellectual property (IP) as well as source code, formulas, customer data such and credit card information and more.
Despite the importance and value of this data, many organizations are not aware of what their Crown Jewel information is, where it resides, who has access to it, or how it is protected. In many instances this data is being stored unstructured data stores such as email, making it more susceptible to theft. In fact, it can take days or more to discover in 95 percent of cases, and weeks or more to contain in more than 90 percent of cases, a lag that can have a catastrophic impact on a business.
Data protection is dependent upon having access to vital information in order to apply proper controls. Possessing information about Crown Jewels is necessary in order to determine whether adequate controls are in place. Each enterprise should carry out an inventory, with the critical data getting special treatment. Each priority item should be guarded, tracked, and encrypted as if the company’s survival hinged on it. In some cases it may.
A comprehensive critical data protection program does the following:
- DEFINE your critical data assets
- DISCOVER critical data security environment
- BASELINE critical data security processes and controls
- SECURE critical data
- MONITOR with proper governance and metrics
As the intensity of the threat landscape increases every year, organizations are looking for new ways to reduce security complexity and confidently embrace the opportunities offered by changes in online commerce, mobile proliferation and cloud adoption.
Early detection and rapid response are the best defense against rising cyber threats and sophisticated attacks. A strong security posture and having the right safeguards in place is what results in the greatest decrease in the cost of data breach for your organization.
Kristin Lovejoy is the former general manager of the IBM Security Services division, where she developed and delivered managed and professional security serv...