Every organization today has high-value assets, or as we like to call them, "crown jewels," that should be protected with the utmost vigilance at all times. These may include customer account details, personally identifiable information (PII), payment systems, or other financial assets that, if exposed or exploited, could result in detrimental loss for a business and its brand equity.
But what is often missing from a discussion of high-value assets is the set of items that are time-sensitive or associated with a particular campaign or business initiative, like a holiday discount code or coupon that is only valuable for a short period of time. Mostly, people consider such assets fleeting in nature, and don’t spend time and energy thinking about the risk that could ensue if they are leveraged for nefarious purposes. Let us call these "situational crown jewels," and while they don’t require the same level of protection as their more permanent counterparts, failing to think about the risks they pose could be just as detrimental.
Imagine, for example, that a retailer offers a special marketing program and associated discount code for a select group of loyal customers that is only redeemable during Cyber Monday. That retailer will likely set up specific applications or infrastructure to handle these goods, as they represent a different buying pattern from their usual business. Unlike the applications and infrastructure they run all year, which have been well tested and secured, this type of application might not receive the time and budget necessary to secure it sufficiently.
Couple this with the fact that, unlike physical goods that have gravity and are in many respects easier to track and follow, electronic goods can move worldwide and exchange hands a number of times instantaneously.
So, how should businesses go about protecting their situational crown jewels? Here are a few suggested tips to cross-reference as you brace your business for a big wave of activity:
- Identify your situational crown jewels
While you may have already classified your ongoing high-value assets, make sure all relevant stakeholders understand which situational crown jewels pose a risk to your organization’s security and map out the potential impact, should those assets be exploited.
- Determine the best protection or controls
There are many layers to protecting applications that host crown jewel assets, like multi-factor authentication, vulnerability management, and segmentation. While each is important, segmentation specifically can stop the spread of a breach within an organization, minimizing its impact. You can learn more about the importance of segmentation here.
- Evaluate the cost of protection and invest EARLY
Security often comes at the end of a development cycle, but, unfortunately, date-driven initiatives like Cyber Monday deals don’t allow for flexibility. With that said, start early to better understand what tools and protocols you’ll need to implement to avoid an outage or a headline-worthy attack, and get to work securing the budget and resources required.
And remember, it’s a marathon, not a sprint. While you may be bracing your business to account for situational crown jewels and an influx of traffic this Black Friday and Cyber Monday, proper protection is not fleeting like those holiday cups at Starbucks. Good security should be baked into your organization’s culture and accounted for all year round.