Skip to main content Skip to Footer

LATEST THINKING


Achieving data-centric security

How to fend off breaches by being brilliant at the basics

OVERVIEW

Data breaches happen when organizations fail at fundamental data protection practices. Significant data breaches within organizations share three things in common. The high cost of breaches have long term financial effects, organizations have not fully appreciated the value of data as the lifeblood of their business and breaches are the result of multiple points of failure. Now more than ever, it is critical for every organization to make sure the basics of data-centric security are in place. It is not only the right thing to do, but also critical if organizations are serious about protecting their data.


DOWNLOAD THE FULL ARTICLE [PDF]

KEY FINDINGS

Whatever approach is taken to data breaches, and wherever they occur, they all have three common characteristics.

  • Breaches cost a lot. Estimates put financial losses of a severe event into the tens or even hundreds of millions of USD. Add on to that damage to brand and reputation, and ongoing financial and legal exposure.

  • Breaches expose the fact that data is not being valued as much as it should. Data is value and those who guard that value have significant advantage over those who do not.

  • Breaches pinpoint multiple points of failure within the business’ processes and procedures. Multiple processes and procedures had to fail for millions of customer records to be exfiltrated, and for that exfiltration to go undetected.

RECOMMENDATIONS

Organizations need to get their data protection fundamentals in order. They need to “be brilliant” at practicing data-centric security basics.

  • Identify and harden high-value assets -- establish which data is critical and make it difficult for adversaries to achieve their goals.

  • Build up defenses through network enclaves -- create environments to better monitor users.

  • Execute a hunting program -- assume a breach and use threat hunting teams to look for the next breach.

  • Use adversary simulation and catastrophe scenarios -- run scenarios to validate adversaries can be detected.

  • Scan applications -- validate scanning results and eliminate false positives.

  • Patch systems -- introduce automatic notification when applications require a patch.

  • Limit, monitor and segment access -- use two-factor authentication and role-based access to make automated decisions about who can see which data and systems.

  • Monitor anomalous and suspicious activity -- monitor for unauthorized access and for undiscovered threats.

  • Develop strategic and tactical threat intelligence -- have a sustainable threat intelligence program that collects and curates threat intelligence.

  • Create a security ecosystem --supplement internal talent with a diverse vendor support system.

  • Prepare for the worst -- transform your incident response plan into a crisis management plan.

AUTHORS

CONNECT WITH US








FOLLOW ACCENTURE ON:



Accenture Security on Twitter. This opens a new window Accenture Security on LinkedIn. This opens a new window.
Accenture Security on Youtube. This opens a new window. Accenture Security on Periscope. This opens a new window.
Accenture Security Blog.


Stay In The Know

Receive e-mails from Accenture featuring new content that matches your interests.

Visit the subscription center to make your selections and subscribe to New from Accenture.