Cybercriminals Increasingly Targeting 'Crown Jewels' Both Inside & Out

For centuries, organizations have been acquiring, producing, leasing, licensing and selling assets. Accounted for in financial statements, these assets represent an organization's wealth and financial stability. This also makes them vulnerable to theft and fraud. As a priority, organizations should focus on those assets that are of the highest value and risk -- commonly referred to by business leaders as the "crown jewels."

Assets such as property, plant and equipment are tangible whereas information is an intangible asset. There are two types of intangible assets:
Both types are essential drivers of competitive advantage and shareholder value today. It's common to view the value or importance of information by using a simple classification chart.
(Source: Flickr)
However, mission-critical information assets represent only the very tip of the highest layer. Information of high business value or impact could still register as "high" or "critical" but not necessarily be designated as mission-critical. Traditional risk assessment approaches would not identify this information separately, so mission-critical information assets typically require a different approach to identification.
Information Security Forum (ISF) research has uncovered two main factors that typically influence whether or not an information asset is classed as a crown jewel. The first is its value to the organization. The second is its potential impact if the asset is compromised. At the ISF, we refer to information assets with a high value and business impact rating as "mission-critical information assets." Examples of mission-critical information assets include details of:
When identifying mission-critical information assets, organizations should consider whether:
Privileged insiders, or individuals with access to an organization's crown jewels, are some of the most dangerous people within an organization. They are often a diverse and unconnected group within the organization, extending beyond senior business managers, and by proxy, their personal assistants. Those with access to the crown jewels can also include people in the roles of systems administrator, infrastructure architect and network support engineer, as well as specific external contractors.

In the coming years, new attacks will impact both business reputation and shareholder value, and cyber risk exists in every aspect of the enterprise. Even in the cybercrime era, the age-old threat of violence still spreads fear. To achieve greater gains, well-funded criminal groups will combine their substantial global reach and digital expertise with intimidation or savagery to threaten privileged insiders into giving up mission-critical information assets such as financial details, intellectual property (IP) and strategic plans. An organization that loses any of their crown jewels to attackers will be impacted by heavy financial losses and brand damage when planned products are copied and released earlier by competitors. Targeted organizations that cannot guarantee the safety of their highly skilled privileged insiders may find recruitment and retention increasingly difficult.

Cybercriminals' inspiration

The growing value of information, combined with the ability of organized criminal groups to profit from its theft, has led to a dramatic rise in cybercrime rates. (See Cybercrime: More Like Facebook's Model Than Traditional Criminal Enterprise.) An approach frequently employed by cybercriminals to steal information is to exploit privileged credentials. In the past, by recruiting even more people with the skills to steal credentials, organized criminal groups have realized a marked improvement in profits from cybercrime.
Nevertheless, there is another way to gain access to such credentials: directly from the people themselves, each of whom becomes a physical target. The tactic of targeting specific individuals has already been successful in other lucrative areas of criminal activity. Individuals to target can be identified through sources such as LinkedIn or Facebook. Coercion can then take place in either a virtual or physical environment. For example, a technique of "sextortion" can be adapted to blackmail insiders into handing over an organization's crown jewels. In extreme cases, criminals may also resort to violence, or the threat of violence against a privileged insider, including holding the family captive until the crown jewels have been compromised, a tactic which has been used successfully during armed robberies. Criminal gangs will see merit in coercing privileged insiders into providing direct access to an organization's systems as they will be able to:
Moving forward, merciless criminal groups, rogue competitors and nation-states will directly target mission-critical information assets. If compromised, the loss of this data can cripple an organization. Consequently, an organization should take steps to identify and record these assets. The individuals with access to, or responsibility for, the management and protection of these assets should also be identified on that record. At the same time, procedures can be put in place for individuals to report any coercion or threat, and arrangements made for anyone affected to receive appropriate protection.

Be prepared

As dangers accelerate, organizations must fully commit to disciplined and practical approaches to managing the major changes ahead. Employees at every level of the organization will need to be involved, including board members and managers in non-technical roles. Here are a few recommendations to consider:
— Steve Durbin is managing director of the Information Security Forum. His main areas of focus include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments. He is a frequent speaker and commentator on technology and security issues. Previously, he was a senior vice president at Gartner.