Mitiga Appoints Charlie Thomas as CEO READ THE RELEASE

Mitiga Announces $30M Series B Led by SYN Ventures READ THE NEWS

Customers
Why Mitiga
Request a DemoEmergency Assistance
Home
»
Blog Main

Organizations have widely adopted the Crown Jewels concept in their efforts to build cost-effective cybersecurity strategies and plans in the ever-growing world of risks and challenges. However, the Crown Jewels concept could undermine the chances of effectively detecting, reacting to and recovering from a cyber-attack. It is time for the adoption of new concepts and new methodologies.

In this post, we will look into the process of Crown Jewels Analysis, what it lacks, and how it can be fixed to address current and future challenges.

Crown Jewels Analysis

Crown Jewels Analysis (CJA) is a process for identifying the digital assets that are critical to the accomplishment of the missions of an organization and that if compromised, would have a major business impact.

The Crown Jewels Analysis is often viewed as the first step in the process of building a comprehensive cybersecurity plan for an organization. It is usually followed by an analysis of the threats that adversaries may pose to the assets identified as crown jewels, and the selection and implementation of the most appropriate methods for protecting them.

As it is practically impossible to protect every component of an organization’s IT infrastructure against a possible cyber-attack, the identification of the most important components seems to be the most logical thing to do in order to help the cybersecurity teams focus their (rather limited) efforts and resources in an effective and efficient manner.

But is it so?

Critical Asset Vs. Critical Pathway

Let us look at a specific digital asset that can be found in almost every organization: a system administrator’s computer. System administrators (aka sys-admins) keep computer networks in order. To do that efficiently, they need to have very good visibility of the organization’s IT infrastructure.

From an attacker’s point of view, a sys-admin’s computer could provide invaluable information, including high privileged access credentials, network maps, business correspondence, cybersecurity architectures, software and hardware inventories, business correspondence and more.

It would be reasonable to assume that, at least for some cases, cyber attackers will tend to “gravitate” towards sys-admin computers as they attempt to gain access to an organization’s crown jewels. A Sys-admin computer can, therefore, be considered as a central asset in the attacker’s critical pathway towards the organization’s crown jewels.

A Crown Jewels Analysis, however, will rarely identify a sys-admin’s computer as part of the crown jewels set of an organization, and rightly so: defining these types of assets as “critical to the accomplishment of the missions of the organization” requires a very broad, rather impractical, interpretation of the crown jewels concept.

The debate on whether or not a certain digital asset is a crown jewel is not purely theoretical. As described above, this definition determines the level of attention that cybersecurity teams will pay to protecting these assets, and not others, against cyber-attacks.

A cybersecurity team implementing only Crown Jewels Analysis could undermine the chances of effectively detecting, reacting to and recovering from a cyber-attack, by failing to prioritize assets in the critical pathways: the digital assets that, although not crown jewels, are attractive for attackers as they have a critical role in their operational plan to compromise the crown jewel. Sys-admin computers are just an illustrative example of these unique types of assets.

From Crown Jewels to Centers of Gravity

CJA is a fundamental phase in building an organization’s cybersecurity posture — but it is not sufficient. Organizations should also be able to identify critical pathways and digital assets with high probability of being compromised by cyber attackers on their path to the “crown jewels”.

Identifying these “gravitational” nodes requires not only an in-depth understanding of an organization’s digital landscape (including its “crown jewels”), but also a deep understanding of the threat landscape and the attacker’s mindset, modus operandi and TTPs.

By combining the defender’s perspective and the attacker’s analysis of the organization, these “gravitational” nodes (“Centers of Gravity” or CoGs) are revealed. Identifying the CoGs reduces blind spots and improves the CISO’s ability to develop a thorough security strategy that fits the current and future challenges.

Let me know what you think of the CoG concept.

Whitepaper: The 9 Fundamental Ways Incident Response Is Different in the Cloud

LAST UPDATED:

November 14, 2024

Don't miss these stories:

Understanding the Sisense Breach: A Guide to Cloud Threat Hunting for Sisense Customers

On April 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) announced its collaboration with private industry partners to address a significant security breach affecting Sisense, a prominent provider of data analytics services. This compromise, unearthed by independent security researchers, raised alarms within the cybersecurity community, prompting swift action from both government agencies and affected organizations.

The Rising Threat of AI-Enabled Adversaries: Preparing for the Next Wave of Cloud and SaaS Attacks

Learn how adversaries weaponize AI technology and strategies to defend against AI-enabled threats.

Cyber Trends for 2024: What Security Leaders Should be Executing Next

As we hurtle into this new year, it’s already clear that there is an evolving set of cyber risks that organizations will need to contend with successfully to manage threats and grow their organizational resilience in 2024. Below, I’ll outline three of the biggest ones, sharing recommendations and execution checklists that can help enterprises enhance their threat readiness and elevate security postures as the threat landscape continues to evolve.

How to Protect Your Business From the Most Dangerous Cyberthreats

Ransomware attacks are on the rise, and it now more important then ever to be prepared. Be prepared by having an up-to-date incident response plan. Learn more.

Stop Ransomware Attackers From Getting Paid to Play Double-Extortionware Games

In the past, many companies relied on backups to get back to business quickly if they were attacked. Reliable, secure backups separated from the primary environment made it much more difficult for an attacker to access and encrypt them. That long-standing process no longer deters double-extortionware actors — instead, today’s attackers not only encrypt the data but also exfiltrate it.

SEC Cyber Disclosure Rule FAQ: What Leaders are Asking Us

The U.S. Securities and Exchange Commission (SEC) recently implemented a new rule mandating stringent cybersecurity incident reporting and disclosure requirements for public companies.