Building security: Protecting the crown jewels of your company

09/12/2022
G DATA Blog

One of the important aspects of creating effective security is to make an assessment about which assets need the most protection. This is a multi-faceted endeavour, as this blog article will outline.

Implementing cybersecurity in a company isn’t always that easy. One of the important aspects is to make an assessment about which assets need the most protection – the crown jewels, if you will. Those exist on several conceptual levels. The systems that an organization needs to stay operational can certainly be considered crown jewels. If certain systems or services become unavailable for any reason, and that outage has a fundamental impact on the company’s revenue stream, you have successfully identified the operational crown jewels of the company. Then there are also crown jewels at the data level. Any data, be it employee or customer data, trade secrets or any other piece of data, can be critical. The rule of thumb here is: if the information is important for the company, and the loss of said data impacts the operation and especially the reputation, then you have identified a crown jewel, and also what cybercriminals are likely to be after.

So you have to ask yourself a couple of questions:

  • What could cause the biggest reputational damage?
  • What could hurt the company financially the most?
  • What could cause the biggest disruption?

By identifying your crown jewels, you will be able to accurately address the threats the organization or company is facing. Finding out your most important assets will also help point the way to a good security strategy and incident response plan. On this basis you will be able to create a strategy to protect your crown jewels. Without this step, you cannot possibly come up with a viable strategy. If you have no idea what to protect, then you also have no way of knowing how to protect it, whatever “it” is.

Your brand

Trust and reputation are among the most important intangible assets for a company. Both aspects are part of what helps establish good customer relations, and they also boost customer loyalty. A successful cyber attack can become the undoing of that trust, which has often been built over several years, if not decades. This is all the more true if customer data is accessed by criminals.

Leaked Credentials and domain abuse

Leaked and stolen credentials pose a critical risk to organizations everywhere. More than 60% of breaches involve compromised credentials. Every year millions of credentials appear on the dark web and in data dumps shared by cybercriminals. Cybercriminals purchase credentials from these sources, often in bulk, to gain a foothold in a lot of company networks in order to carry out account takeover attacks, exfiltrate data and much more. Herein lies the rub: once a set of credentials has been stolen, this is hardly ever noticed, unless someone without authorization starts doing very noticeable, “loud” things. Otherwise, it flies completely under the radar. For this reason, the term “data theft” is also a misnomer: unlike physical, tangible objects that can be stolen, leaving you without access to them (e.g. your wallet or your phone), a “stolen” password remains in the original owner’s possession, and they can still use it as usual. Just like a case where a criminal quickly makes an impression of someone’s house key in order to fashion their own, the owner of that key will be none the wiser. Just as you would replace a lock if your keys had been stolen, you can always reset passwords for leaked credentials. This isn’t too difficult. However, discovering in a timely fashion when leaked credentials appear somewhere they do not belong, such as a dark web market platform, is a much bigger problem. Unable to monitor in real time for their own sensitive information, companies are left exposed to financial, possibly legal, and also reputational consequences. The dark web is where cybercriminals sell company data. Ransomware groups can even buy direct access to pre-compromised corporate networks.

What can you do?

A good security solution is an important tool to protect your company against all these threats. After all, a lot of the leaked information comes from backdoors, RATs (Remote Administration/Access Tools) and spyware. As a lot of leaked information also comes from combined social engineering attacks, you shouldn’t forget to use security awareness training to improve the security awareness of your employees.
Another good way to tackle leaked credentials is multifactor authentication (MFA), which adds a layer of protection to the sign-in process. When accessing accounts, users provide additional identity verification, for instance by scanning a fingerprint or entering a special code received by phone. This way, leaked credentials needn’t always be a big problem. At the very least, use MFA in a strict way:

  • Require MFA for all users from all locations, including trusted environments, and for all internet-facing infrastructure, even when the users come from on-premises systems.
  • Use more secure implementations such as ‘FIDO Tokens’ or ‘Authenticator Apps’ rather than telephony-based MFA methods, to avoid the risks associated with SIM-jacking.

But there is always more an ‘advanced’ IT security team inside a big company can do:

  • Monitor the Dark Web – the best approach might be to seek out a service that can do this for you.
  • Automate collection and analysis of Tor sites, forums, shops and markets.
  • Real-time alerting on mentions of your brand (e.g. via Google).
  • Access to various leaked credential sources including the dark web, paste sites and data dumps. Some password manager services offer this as an option.
  • Context to determine risk severity such as DNS records and Whois data.
  • At the very least, monitor the software used in your environment and network for vulnerabilities and patches.
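One concrete building block for the leaked-credential checks in the list above, as an added example that is not from the original post or from G DATA: a k-anonymity lookup of a password against a breach corpus, modelled on the request/response shape of the Have I Been Pwned “Pwned Passwords” range API (only the first five hex characters of the SHA-1 ever leave the client). The corpus, counts and the `constructed_fetch_range` stand-in below are constructed for an offline demonstration.

```python
import hashlib
import urllib.request
from typing import Callable, Tuple

# k-anonymity lookup: hash the password with SHA-1, send only the first 5 hex
# characters to the service, and compare the remaining 35 characters locally
# against the returned "<suffix>:<count>" lines. The service never sees the
# full hash, so it cannot learn which password was checked.

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_hash(digest: str) -> Tuple[str, str]:
    return digest[:5], digest[5:]

def count_breaches(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how often the password appears in the corpus (0 if unseen)."""
    prefix, suffix = split_hash(sha1_hex(password))
    for line in fetch_range(prefix).splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # tolerate blank or malformed lines in the response
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed corpus standing in for the remote service (counts are made up).
_CONSTRUCTED_LEAKED = {"password123": 126927, "letmein": 234823}

def constructed_fetch_range(prefix: str) -> str:
    lines = []
    for pw, count in _CONSTRUCTED_LEAKED.items():
        p, s = split_hash(sha1_hex(pw))
        if p == prefix:
            lines.append(f"{s}:{count}")
    # decoy entry: real responses carry hundreds of unrelated suffixes
    lines.append("0" * 35 + ":1")
    return "\r\n".join(lines)

def fetch_range_http(prefix: str) -> str:
    """Real transport (not called here; assumes the API shape described above)."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    for pw in ("password123", "Tr0ub4dor&3-constructed-unseen"):
        print(pw, "->", count_breaches(pw, constructed_fetch_range))
```

Wire `count_breaches` into a password-change or login flow with `fetch_range_http` as the transport to reject or flag credentials that already appear in public dumps.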