According to the independent Swiss cyber study 2024 (German), 4% of the 500+ SMEs in the survey fell victim to a serious cyberattack in the past three years. This corresponds to approx. 24’000 companies extrapolated to Switzerland. For 73% of those affected, this resulted in considerable financial damage. Nevertheless, more than 50% of the SMEs surveyed consider the risk of a serious attack to be low.
This false sense of security is alarming.
In addition to making sure they have a business continuity and disaster recovery plan in place, SMEs might conduct a crown jewel analysis to identify what assets to protect and how. Here’s how to proceed:
Start with a crown jewel analysis
The «crown jewel analysis (CJA)» is a cybersecurity strategy that helps you identify and protect the most valuable or critical assets in your organization's information systems. These assets – the «crown jewels» – can include sensitive data such as customer, medical, and financial information or critical systems such as servers and networks. The goal of the CJA is to prioritize the protection of these assets.
Once you have identified your crown jewels, implement the security measures you've developed specifically to protect them. These measures include, for example, encryption, access control, and monitoring. The CJA is often used in combination with other cybersecurity strategies, such as risk management and defense in depth. While each strategy should be considered separately, it is the interplay of methods and techniques that leads to good results. When you know your most valuable assets and prioritize their protection, you are better equipped to defend against cyberthreats and minimize the potential impact of an attack.
The cybersecurity framework as a solid foundation
The cybersecurity framework currently forms the foundation of an approach you can apply to protect different areas as needed. It consists of the seven components identity, devices, network, data, applications, infrastructure, and security department. Companies that have introduced the cybersecurity framework report considerable and immediate success with it.
Now, the modernization of security processes is certainly a big task. First, you need to involve all stakeholders across the company. Second, you cannot assume that all the necessary measures to increase cybersecurity can be implemented in one project. It is therefore advisable to develop a plan with a specialist and determine the right approach. The benefits are two-fold: you avoid future difficulties or a change in security architecture, and you achieve tangible results.
How to instantly increase protection against attacks
There are some actions you can take immediately to reduce vulnerabilities, increase visibility, and improve your efficiency and effectiveness in defending against aggressive attacks:
Use the zero-trust approach – The zero-trust approach should be part of your security concept, because it provides a fully comprehensive protection for your IT landscape today. The protective measures cover all areas: users, end devices, networks, and data.
Use MFA (multi-factor authentication) as you know it from your bank's online access. For you to increase security and get users' consent, the implementation of this security mechanism should be well planned.
Keep highly privileged accounts separate – Identify the accounts in your company that are of the most interest to attackers. Separate them using Privileged Access Workstations (PAWs) and protect your administrator accounts.
Secure your supply chain – Attackers are increasingly trying to «crack» your defenses by injecting malicious code or components into the software products you receive from the vendors you trust.
Invest in penetration testing – Analyze your entire system for vulnerabilities before attackers do. For this purpose, penetration tests are particularly suitable.
Make sure you have comprehensive investigation techniques – It's not enough to use penetration testing to analyze known vulnerabilities. You must have the option to analyze your entire environment. Try to gain comprehensive insight from multiple perspectives – from endpoint to identity, from data to IoT, and across clouds.
Integrate your security process tools – Eliminate silos and gaps in your protection with an integrated approach. Provide your analysts with a comprehensive and in-depth defense capability using an integrated cloud-based SIEM (Security Information and Event Management) and XDR (Extended Detection and Response).
Involve a cybersecurity service partner – A competent partner can help you not only with every phase of implementing and operating a security department, but also with training your employees.
Staying on the safe side
Cyberattacks change as quickly as the technologies we use to counter them. There is no way around closing gaps in traditional cybersecurity practices and reducing the time it takes to detect and respond to threats. A key to this are forward-looking tools and methodologies like CJA, and support from a partner specializing in cybersecurity. Another key are the employees – known to be the weakest link in the line of defense. Get them prepared with awareness trainings. Employees who know how to protect themselves effectively against cyberattacks in their day-to-day work and properly functioning technical measures are an unbeatable combination.
FAQ
What are crown jewels in a cybersecurity context?
In a cybersecurity context the term «crown jewels» describes the most valuable or critical assets in your organization’s information systems. Examples include sensitive data such as medical information or systems such as servers and networks.
What is a crown jewel analysis?
The crown jewel analysis (CJA) is a method that helps you identify and protect the most valuable or critical assets in your organization's information systems. The aim is to align business objectives with security. Focus on three main questions: 1) What needs to be protected? 2) What is the value of the asset based on the impact if it is compromised? 3) How do you protect these assets?
Once done, the CJA leads to a number of key benefits, including effective resource allocation, enhanced risk management, compliance with regulatory requirements, and business continuity.
What is meant by cybersecurity protection?
Cybersecurity protection describes the practice of defending organizations and their computer networks, devices, and data from cyberthreats.
Why is cybersecurity protection important?
The main five reasons why cybersecurity protection is crucial: 1) It prevents data breaches by protecting sensitive information 2) It avoids financial loss thanks to lower risk of costly ransomware attacks 3) It maintains trust by demonstrating responsibility for customer data 4) It ensures compliance as it allows meeting regulatory requirements 5) It provides resilience against evolving threats.
What are cybersecurity best practices?
Cybersecurity is a critical priority for modern organizations, requiring a proactive, multi-layered approach to protect systems, data, and users. Best practices include enforcing strong authentication, timely software updates, robust network security, regular data backups, and effective incident response planning.
Equally important is fostering a security-aware culture through employee training and adopting frameworks like Zero Trust to minimize risks. By combining advanced technologies with sound governance, businesses can stay resilient against evolving threats while ensuring operational continuity.
How can you leverage AI for cybersecurity?
Artificial Intelligence (AI) is revolutionizing cybersecurity by enhancing threat detection, automating responses, and improving predictive analytics. It helps identify anomalies, detect malware, and prevent phishing in real-time, while reducing false positives and streamlining operations. AI-driven tools enable faster incident response, proactive threat hunting, and continuous monitoring of vulnerabilities. By leveraging AI, organizations can strengthen defenses, adapt to evolving threats, and optimize resources, ensuring a more robust and cost-effective security posture.
How do you report cybercrime in Switzerland?
In Switzerland, cybercrime can be reported through the National Cyber Security Centre (NCSC) using their online reporting tool for incidents like phishing, ransomware, or fraud. For criminal matters, such as financial scams or identity theft, reports should also be filed with local police. In cases involving financial transactions, notifying your bank immediately is crucial. Organizations in critical infrastructure can seek guidance from MELANI, which is part of the NCSC. Prompt reporting with detailed evidence helps mitigate risks and supports national cybersecurity efforts.
