Cyber attackers are at the front door, the back door, the windows and any other available entry point into an organization targeted for attacks. Attacks are becoming more customized and sophisticated, sometimes utilizing a multi-pronged approach of insider, physical, and network attacks.
It is important that organizations of all sizes take time to identify their most critical information and to implement stronger defenses around those resources. While a unified, standard approach to security for all systems may sound appropriate, your organization may be over-securing lower-priority elements and under-protecting your most important information.
As an example, imagine a bio-technology company that has many different systems that support the company’s operations. One of the systems may house research and clinical study information that has cost over $1 billion to produce over 12 years. Special measures should be deployed to ensure the security of this information. A compromise of a lesser system may be expensive and disruptive, but the loss of an organization’s core assets could destroy the long-term future of that entity.
The identification process should be a shared effort between the board of directors, senior/operational management and the information technology function of the organization. Outside resources should be utilized to augment these efforts, and to help audit/monitor the ongoing security of this critical information.