Holding Data Hostage
The most powerful asset any organization has is customer data or internal corporate or IP data, meaning that business risk is typically concentrated around data, said Michael Maggio, Reciprocity’s executive vice president of product. Adversaries have become more focused on holding a victim’s data hostage rather than trying to sell it to someone else since the former provides a faster return on investment.
Defenders should start by understanding what data could potentially be exposed and identify where there might be violations of regulations or standards such as HIPAA, PCI or SOC 2, Maggio said. From there, Maggio said businesses should examine what controls they have in place to protect their crown jewels as well as the financial cost associated with something like the theft of customer data records.
Businesses should assess their cyber-risk profile by looking at what business assets and processes are exposed to the outside world, according to Maggio. From there, Maggio said organizations should look for security software, tools or methodologies that control access to that data such as firewalls or encryption to better protect the data.