Four Keys to Cybersecurity Success

Start by protecting the “trophies” that your business cannot live without

By George (Chip) Tsantes, Principal, Information Security Advisory Services, Ernst & Young
LLP

Enterprise data security issues continue to dominate the headlines. A quick flip through
business news stories in any given week reveals at least one story of an organization whose
vital data has been hacked, and that is scrambling to close the barn door to salvage its
business, customers and reputation.

It should now be readily apparent that cybersecurity is no longer merely an IT issue. It is a
whole-business challenge that can bring an organization to its knees unless proper precautions
are taken.

While such precautions can be multifaceted and complex depending on the organization and
the assets it needs to protect, there are four fundamental steps that can help safeguard
information against breaches.

1. Focus on high-value assets

Fact: A company cannot protect every asset with the same degree of rigor or certainty. After all,
no organization has an unlimited data security budget. So it is critical to identify the enterprise’s
highest value and/or most vulnerable data targets – in other words, “trophies” – and then focus
your time, effort and dollars there.

The strategy deployed to combat a cybersecurity threat will often hinge upon the trophies – the
information that is in greatest potential peril and/or of greatest value to threat actors. This
may include, for instance, data that can be monetized, such as customer credit card numbers,
bank account numbers, brokerage account numbers and the like. While this data should, of
course, be encrypted to make it more difficult to access, there are other ways to protect it, such
as ensuring that any third parties in one’s transaction supply chain also leverage the latest
encryption technology and take similar steps to deter access.


Note that as an organization evolves and changes over time, so will the definition of its trophies.
Frequent re-assessments should be conducted to revise one’s security focus accordingly, in
order to ensure that the data sets receiving the most attention always correlate with what is
most valuable to the organization.

2. Identify the enemy

A proven method to determine which data assets are most likely to be attacked is to view one’s
data through the lens of the threat actors. Eastern European cyber-criminals, for example, have
historically been interested in quick cash through point of sale attacks. Certain nation states
have focused on stealing trade secrets and/or intellectual property from corporate databases.


Cyber Warnings E-Magazine – January 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
