Mission-critical assets are known as ‘crown jewels’. These are high-value assets that would cause the most business disruption if compromised. Anything of value attracts the attention of criminals and this no different in cyberspace. Information technology (IT) systems and data make up a significant portion of an organisation’s crown jewels. These could be trade secrets, intellectual property, company or customer data, as well as operational and financial systems.
Organised cybercrime is the largest threat and is a lucrative and growing business, with common methods being ransomware, data breaches, malware and phishing. The impact of cybercrime in 2021 is estimated to be $1 trillion, but at least one major ransomware group, REvil, was recently taken out by Russian authorities.(1)
Many organisations have the basics in place but lack a formal framework to manage and reduce cyber risk. In some cases, key areas are neglected so there is no effective visibility of key cybersecurity metrics. This translates to leaving the ‘cyber gates’ wide open, making for an attractive target.
Costs to recover from physical or cyber incidents can be more than the cost of preventing such events. These costs are quantifiable, but damages to reputation and customer or shareholder confidence is difficult to assess and can be long-term. The costs of a data breach can run into the millions, including the cost of detecting a breach, business disruption, revenue losses from downtime, lost customers and acquiring new ones, breach notification and response activities.(2) Employee safety is a non-negotiable but can be compromised by cyber threats to operational technology.
Physical or real-world threats such as burglary, vandalism, fire and flooding are well understood. Money is spent on fences, alarms, security guards, fire detection and suppression. This protects physical assets against the potential business disruption, loss of revenue, customer confidence and even business closure in extreme cases. The same due diligence needs to be applied to protecting high-value logical assets or virtual crown jewels.
The Financial Sector Conduct Authority (FSCA) has acknowledged the risks in South Africa today: “The biggest challenge to every institution today is the frequency and sophistication of targeted cyberattacks, with perpetrators continually refining their efforts to compromise systems, networks and information, worldwide. Cyberattacks have been targeted at critical infrastructure and strategic industry sectors such as the financial sector.”
The South African Information Regulator views data breaches seriously and PoPIA (the Protection of Personal Information Act) allows for a fine of up to R10 million or imprisonment for up to 10 years.
The World Economic Forum says: “Cyber risk is a systemic challenge and cyber resilience a public good. Every organisation acts as a steward of information they manage on behalf of others. And every organisation contributes to the resilience of not just their immediate customers, partners and suppliers but also the overall shared digital environment”.
Wolfpack Information Risk recommends the following nine-step action plan:
1. Establish cybersecurity as a business priority with a clear vision and responsibilities. Cyber resilience is a leadership issue – the board takes ultimate responsibility for oversight of cyber risk and resilience.
2. Establish sound and robust processes for managing cyber risks.
3. Identify mission-critical information assets or crown jewels – understand which key business areas (processes, people and technology assets) are at risk.
4. Conduct a cyber risk assessment using a best-of-breed framework covering cybersecurity, privacy and resilience. Assess the main adversarial threats to the crown jewels.
5. Determine and implement the most appropriate method to protect the crown jewels. Build a prioritised roadmap to adopt cybersecurity fundamentals to preserve confidentiality, integrity and availability of data and IT systems.
6. Build internal competencies to maintain cyber resilience capability and to be adequately prepared to deal with cyber threats.
7. Initiate a shift in employees’ mindset to embed a culture of continuous security improvement into all aspects of business processes via continual awareness training.
8. Monitor effectiveness and make appropriate improvements as needed – undertake systematic testing and assurance regarding the effectiveness of security controls. Examples are penetration testing and third-party supplier risk assessments.
9. Prepare for incident response and notification of material cyber incidents to the regulated entities or authorities.
Taking action to prevent cybersecurity incidents will deliver the following business benefits:
• Ensure customer retention and confidence by demonstrating that you value their business and data.
• Ensure sustainability of operations, financial stability and competitive advantage.
• Protect the interests of shareholders.
• Provide an holistic approach to minimise the risk of business disruption and financial losses.
• Improve the visibility of your cybersecurity posture and maturity.
• Demonstrate duties of care by being aware of potential risks and implementing appropriate controls.
• Demonstrate good governance and avoidance of potential liability actions.
• Provide evidence that appropriate action was taken. This is essential in the event that a cyber breach occurs.
• Reduction in cybersecurity insurance premiums.
Please contact me to share your ideas, if you have been breached or need help, at bryan@wolfpackrisk.com. You can also report breaches at the National Computer Security Incident Response Team (CSIRT) at cshubcsirt@cybersecurityhub.gov.za.
Here are some resources used or referenced within this article:
(1)Reuters, Jan 2022, Russia takes down REvil hacking group at US request – FSB, www.instrumentation.co.za/*mar22-baxter1
(2)IBM Security and the Ponemon Institute, 2021, Cost of a Data Breach Report 2021, www.instrumentation.co.za/*mar22-baxter2
About Bryan Baxter
Bryan Baxter has been in the IT Industry since 1992 in various roles before recently joining Wolfpack Information Risk. He has helped customers successfully manage and deliver IT infrastructures to around 7000 users in several countries, where, of course, the recurring theme has been keeping customers secure from cybersecurity threats. For more information contact Bryan Baxter, Wolfpack Information Risk,
| Tel: | +27 11 794 7322 |
| Email: | info@wolfpackrisk.com |
| www: | www.wolfpackrisk.com |
| Articles: | More information and articles about Wolfpack Information Risk |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version