In the realm of cybersecurity, an important concept for every leader to understand is that of Digital Crown Jewels ('DCJs'). These are your organization's most precious digital assets, consisting of the data you possess, process, and pass on that allows you to deliver on your strategy. This might include customer records, purchasing histories, employee records, finances and intellectual property information about proprietary products and services. DCJs also include an organization's data processing environment (DPE): how data flows through the organization and the processes by which the firm and its agents access and manipulate data. The challenge is this: the list of actors who pose a threat to the integrity of a firm's DPE is long and growing. The authors provide guidelines for protecting your DCJs in three categories: preventable risks, strategic risks and external risks. They end with a warning: act now, because the potential cost of failing to act is far too great.
PharmaCo was a large, multinational, integrated pharmaceutical company. Its board of directors was meeting to discuss a possible friendly merger with a complementary competitor and to review a quarterly cybersecurity report. However, before either of these discussions could begin, PharmaCo’s chief financial officer interrupted with news that the company’s customer database had been encrypted by hackers in a ransomware attack and a ransom of $25,000 in Bitcoin had been demanded. Unfortunately, this was the first in a series of cyber attacks affecting the organization. The board of directors must increasingly deal with a number of issues brought by management and make some critical decisions in overseeing this crisis.
If it hasn't happened yet, it is only a matter of time before your organization has a 'cyber incident'. The FBI estimates that a cyber incident will occur every 14 seconds this year, ranging from minor, accidental disclosures of sensitive information to a major theft of data and other valuable assets by criminals, state-sponsored actors, or terrorists. The authors show that cyber threats are the result of three interrelated characteristics: those who engage in cyber attacks, or the Threat Actors; the value they expect to extract from the Targets they attack; and the 'Attack Vectors' they will use to attack your organization. Understanding how these three elements interact is critical for every modern leader.