Protecting information and data has never been as vital as it is today. The dawn of stringent data protection and privacy laws such as the General Data Protection Regulation (GDPR) and ePrivacy Regulation (ePR) not only reaffirms the importance of data, it also raises the stakes for those that collect, handle, and store data. Reports of continued data breaches, despite the new policies, further drive this point.
An IBM study found that the cost of a data breach has increased, pegging the average cost at US$3.86 million in 2018. But organizations are likely to pay even more due to fines for violating data protection laws, as was the case for the UK's British Airways (fined US$230 million), Marriott (fined US$124 million), and Equifax (fined US$575 million). Each report highlights the constancy of threats, the costly consequences, and the security holes that make breaches possible.
Given these factors, organizations should begin to reevaluate whether their resources are enough to protect the data that they collect, store, and process.
To begin with, organizations must first identify their mission-critical information assets that, if compromised, would cause major damage to the business. Different industries hold different forms of data, or the same data but held with varying degrees of importance; information assets can also take on different forms for different organizations.
Here are broad classifications of information that organizations may consider as their crown jewels.
According to Trend Micro and Ponemon’s Cyber Risk Index (CRI), the top types of data at risk (R&D information, customer accounts, trade secrets, and confidential company data) fall under at least one of these categories. Cybercriminals can tailor their attacks to the kind of information that they want to target. They could also choose their target based on which is most within their reach because a company has directed its security resources elsewhere.
Organizations may have different categorizations for the data and information that they store, but each organization must establish a definitive set of parameters for defining their mission-critical information assets. Some factors they can consider for choosing which assets to protect are the following:
The point of identifying critical assets is to determine the best way to distribute resources and design an appropriate security structure that minimizes the risks associated with the potential breach of these assets. However, an organization must still acknowledge that data that has not been identified as mission-critical still has an inherent value, and must be accounted for. We list them below.
The information listed above is information an organization must have control over. This means an enterprise must be aware that this information is out there if it is publicly available. Although perhaps harmless by itself, it could become a tool that would allow attackers to penetrate initial defenses.
As mentioned earlier, the first real step for organizations would be to know their data better than anyone else. We summarize our recommendations in the following steps.
Overall, organizations should implement a strong network defense that blocks threats from various entry points, preventing them from reaching identified mission-critical assets. A multi-layered connected network defense and complete visibility into all network traffic, in addition to a next-generation intrusion prevention system (NGIPS), can help organizations stay a step ahead of threats that could compromise intangible assets.
Enterprises can also add an extra layer of security through Trend Micro XGen™ security, which provides a cross-generational blend of threat defense techniques. It uses machine learning technology to proactively and efficiently detect the maliciousness of previously unknown file types, ensuring that data centers, cloud environments, networks, and endpoints are protected against a full range of threats.