Protecting the Crown Jewels: Securing Critical Assets
An effective asset protection strategy includes identifying and classifying assets, determining the exposure and risks to the assets, and implementing multiple layers of security.
By: Patrick Barnett, Incident Response
When developing information security strategies, business continuity plans, and disaster recovery plans, organizations should answer the following questions:
- What applications, data, and information systems are critical to our business and mission statement? In other words, what assets are our “crown jewels”?
- What applications, data, and information systems must always be functional and protected for our core processes and business functionality to operate?
A fundamental tenet for most information security professionals is that data will always leak, regardless of security controls. Understanding this premise enables appropriate monitoring, alerting, and safeguards. Data can represent a substantial percentage of an organization’s total value, so protecting it is paramount to the organization’s existence. Additionally, there may be reporting requirements associated with the compromise of confidential data. Data leaks could lead to lawsuits, fines, negative publicity, loss of market share, drops in stock prices, reputational damage, and loss of customer goodwill.
The inability to conduct normal business operations during or following an attack can also be costly. This interruption can represent almost 60% of the cost of a breach.
After the assets are identified, they should be classified, stored, and protected. Listing them and their classification in the organization’s master inventory can help network defenders triage incidents and assign priorities during incident response.
Data discovery and data loss prevention can help protect data assets. Data discovery can identify where all sensitive and confidential data resides. Data loss prevention can eliminate data leakage, particularly when it includes encryption. Full-disk encryption can reduce risk and has a positive return on investment. Data must also be encrypted while in motion. Data flow diagrams should be created and then reviewed and updated at least annually. The use of good data flow diagrams makes it easier for network defenders to understand their data and discover weaknesses or anomalous behaviors.
Implementing multi-factor authentication (MFA) on accounts that have access to critical assets adds another layer of protection. MFA is not just for internet-facing connections. Many organizations deploy MFA for an already authenticated network user to access critical data, processes, applications, or programs. In addition to tokens, an IP address, certificate, computer name, MAC address, group membership, geographical location, or even time of day can be authentication methods. This additional level of security can protect the assets, even if a threat actor compromises an endpoint and gains access to the network.
Tokenization and file-integrity monitoring are other safeguards. Data that’s been tokenized is useless to a threat actor because there’s no way to convert it back into its real representation. File-integrity monitoring can be applied to key files or processes related to the assets, and changes trigger an alert. Network defenders can compare the alert to change control records, declare a security incident if the change isn’t authorized, and begin a formal investigation. Risks associated with the compromise or loss of critical assets can be minimized if these measures are combined with good access control list (ACL) management, proper hardening measures, the principle of least privilege, antivirus protection, next-generation endpoint protection, sound database administration and management, vulnerability management and patching, penetration testing, and event monitoring.
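The file-integrity monitoring workflow described above (alert on a change, then compare it to change control records) is sketched below as an added example that is not from the original article. The change-record fields, the ticket ID, and the file names are hypothetical, and the monitored files are constructed in a temporary directory.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

def sha256_file(path):
    """Hash in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(paths):
    """Map each monitored path to its SHA-256, or None if it is missing."""
    return {p: sha256_file(p) if p.is_file() else None for p in paths}

def triage(baseline, current, change_records, observed_at):
    """Authorize a change only if a record matches path, time window and new hash."""
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if new != old:
            kind = "deleted" if new is None else "created" if old is None else "modified"
            ticket = next((r["ticket"] for r in change_records
                           if r["path"] == path and r["approved_hash"] == new
                           and r["window"][0] <= observed_at <= r["window"][1]), None)
            findings.append({"path": path, "kind": kind, "ticket": ticket,
                             "status": "authorized" if ticket else "incident"})
    return findings

def demo():
    """Constructed files and a hypothetical change record approving only app.conf."""
    now = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        files = {n: Path(tmp) / n for n in ("app.conf", "db.conf", "keys.pem")}
        for p in files.values():
            p.write_text("original\n")
        baseline = snapshot(files.values())
        for name in ("app.conf", "db.conf"):
            files[name].write_text("changed: " + name + "\n")
        files["keys.pem"].unlink()
        records = [{"path": files["app.conf"], "ticket": "CHG-EXAMPLE-1",
                    "approved_hash": sha256_file(files["app.conf"]),
                    "window": (now - timedelta(hours=1), now + timedelta(hours=1))}]
        found = triage(baseline, snapshot(files.values()), records, now)
    return {f["path"].name: (f["kind"], f["status"]) for f in found}

if __name__ == "__main__":
    print(demo())
```

Matching on the approved hash as well as the path and time window means an unexpected edit made during a legitimate change window is still flagged as an incident.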
The compromise or loss of an organization’s “crown jewels” would cause a major impact. Motivated, capable, and well-funded government-sponsored threat groups, cybercriminals, or unscrupulous competitors may target these mission-critical assets. Organizations that recognize the value of and the risks to their crown jewels can reduce their risk and implement comprehensive, balanced, and end-to-end protection.