The past year impressively showed that the global cybercrime market is not only becoming more complex, but also that attacks are getting more frequent and sophisticated. Cybercriminals continue – and even ramp up – their activities in times of crisis. This trend is hardly surprising. According to figures from Germany’s digital association Bitkom, the damage caused by hacker attacks in 2021 already amounted to approx. 203 billion euros. So what should you do?
Frequency of hacker attacks broken down by industry:
The «crown jewel approach» is a cybersecurity strategy that helps you identify and protect the most valuable or critical assets in your organization's information systems. These assets – the «crown jewels» – can include sensitive data such as customer and financial information or critical systems such as servers and networks. The goal of the approach is to prioritize the protection of these assets.
Once you identified your crown jewels, implement the security measures you've developed specifically to protect them. These measures include, for example, encryption, access control, and monitoring. The crown jewel approach is often used in combination with other cybersecurity strategies, such as risk management and defense in depth. While each strategy should be considered separately, it is the interplay of methods and techniques that leads to good results. When you know your most valuable assets and prioritize their protection, you are better equipped to defend against cyber threats and minimize the potential impact of an attack.
The cybersecurity framework currently forms the foundation of an approach you can apply to protect different areas as needed. It consists of the seven components identity, devices, network, data, applications, infrastructure, and security department. Companies that have introduced the cybersecurity framework report considerable and immediate success with it.
Now, the modernization of security processes is certainly a big task. First, you need to involve all stakeholders across the company. Second, you cannot assume that all the necessary measures to increase cybersecurity can be implemented in one project. It is therefore advisable to develop a plan with a specialist and determine the right approach. The benefits are two-fold: you avoid future difficulties or a change in security architecture, and you achieve tangible results at the same time.
There are some actions you can take immediately to reduce vulnerabilities, increase visibility, and improve your efficiency and effectiveness in defending against aggressive attacks:
Use the zero-trust approach – The zero-trust approach should be part of your security concept, because it provides a fully comprehensive protection for your IT landscape today. The protective measures cover all areas: users, end devices, networks, and data.
Use MFA (two-factor authentication) as you know it from your bank's online access. For you to increase security and get users' consent, the implementation of this security mechanism should be well planned.
Keep highly privileged accounts separate – Identify the accounts in your company that are of the most interest to attackers. Separate them using Privileged Access Workstations (PAWs) and protect your administrator accounts.
Secure your supply chain – Attackers are increasingly trying to «crack» your defenses by injecting malicious code or components into the software products you receive from the vendors you trust.
Invest in penetration testing – Analyze your entire system for vulnerabilities before attackers do. For this purpose, penetration tests are particularly suitable.
Make sure you have comprehensive investigation techniques – It's not enough to use penetration testing to analyze known vulnerabilities. You must have the option to analyze your entire environment. Try to gain comprehensive insight from multiple perspectives – from endpoint to identity, from data to IoT, and across clouds.
Integrate your security process tools – Eliminate silos and gaps in your protection with an integrated approach. Provide your analysts with a comprehensive and in-depth defense capability using an integrated cloud-based SIEM (Security Information and Event Management) and XDR (Extended Detection and Response).
Involve a cybersecurity service partner – A competent partner can help you not only with every phase of implementing and operating a security department, but also with training your employees.
Cyber attacks change as quickly as the technologies we use to counter them. There is no way around closing gaps in traditional cybersecurity practices and reducing the time it takes to detect and respond to threats. A key to this are forward-looking tools and support from a partner specializing in cybersecurity. Another key are the employees – known to be the weakest link in the line of defense. Get them prepared with awareness trainings. Employees who know how to protect themselves effectively against cyber attacks in their day-to-day work and properly functioning technical measures are an unbeatable combination.
This article was originally published (in German) in Computerworld on March 10, 2023.