It seems the threat posed by well-organized threat actors grows grislier by the day. Just consider this: In June 2024, Ticketmaster, one of the largest ticket sales and distribution company globally, confirmed that threat actors had brute-forced through its digital defenses and stolen the personal details of 560 million customers, including names, addresses, phone numbers and partial credit card details.
But when we zoom into each of these debilitating data breaches, a common flaw emerges – a consistent inability of victim organizations to disproportionately allocate their limited resources to protect their crown jewels. These are critical assets that, if compromised, could cause severe operational, financial or reputational harm. These include customer data, proprietary technologies, intellectual property (IP), financial records and essential business processes.
Media reports suggest that Ticketmaster had insufficient monitoring and controls around their Snowflake database (a cloud-based data warehouse platform). Worryingly, data breaches resulting from poor crown jewels protection are not new. Back in 2014, threat actors breached Sony’s network and pilfered high-value intellectual property, including unreleased movies and sensitive executive emails, costing the company millions in recovery efforts and reputational damage.
Below, I offer a practical four-step process for cybersecurity teams to cost-effectively boost their crown jewels security:
1. Identify Your Crown Jewels
As the old saying goes, you can’t improve what you can’t measure. Similarly, it's impossible to protect your crown jewels if you don’t fully understand them. The first step is to develop a comprehensive inventory of all your digital assets. Depending on the maturity of your organization’s IT environment, this could range from a manually maintained spreadsheet to a fully automated Configuration Management Database (CMDB) where all your assets are onboarded and offboarded during their lifecycle.
Once you have detailed the assets and their respective owners, you then move on to rank each application according to its criticality and the sensitivity of the data it handles. There are three additional steps you can take to ensure the completeness of your crown jewels inventory and to align them to business priorities:
- Facilitate workshops with key stakeholders to understand mission-critical processes and then map digital assets that underpin those processes.
- Conduct business impact analysis (BIA) to establish which data, systems or processes are critical to business operations.
- Understand your regulatory and external obligations and map systems that support your licence to operate.
There is certainly no one-size-fits-all approach to identifying crown jewels. Each process should be informed by the industry vertical, business priorities and key risks you face. For example, the crown jewel for financial institutions could be their payment systems, customer data, and trading algorithms, whereas the crown jewels for a coffee shop could be customer data, point-of-sale system, supplier contracts and invoices.
2. Apply a Risk-Based Approach
A risk-based approach directs limited resources toward protecting assets that matter most, eliminating waste and zooming the team’s attention towards alerts that could cause significant harm. The idea is to simplify the process, and rate your systems into high, medium or low. The next step includes defining high-impact controls – a small set of people, process and technology controls that significantly reduce risk. You can base this on a framework closely related to your needs, such as NIST, ISO27001 and FAIR or threat modeling techniques such as – DREAD, STRIDE, etc.
Examples of the mandatory controls include:
- Network segmentation: Isolate critical assets to prevent lateral movement within the network. Using logical access controls, create a further layer of controls to ensure broader network intrusions do not impact your high-value systems.
- Data loss prevention: Deploy detective and preventative controls to reduce the likelihood of sensitive data exfiltration and meet privacy law requirements.
- Multifactor authentication: Implement MFA to significantly reduce the risk of unauthorized access to crown jewels through stolen credentials.
- Privileged access management: Harden controls around super user access through role-based and just-in-time (JIT) access and automated password rotation.
- Monitor and respond to threats in real-time: Deploy security information and event management (SIEM), user behavior analytics (UBA), or application performance monitoring (APM) to eliminate false positives and rapidly act on threats to your crown jewels.
- Leadership visibility/board-level reporting: Provide visibility of risks and protection status of critical assets to your executive leadership and board through a simplified dashboard and clear-cut commentary.
- Provide targeted training to administrators charged with protecting high-value digital assets.
These practical controls ensure attackers encounter multiple barriers, limiting the likelihood and impact of data breaches.
3. Monitor and Validate Continuously
Crown jewels protection is not a one-off activity but a never-ending cycle, including ongoing assessment of completeness of the inventory, emerging threats and adequacy of key controls. Threat modelling and attack path mapping (as outlined by ISACA) can help identify new avenues threat actors could exploit to compromise your crown jewels. By doing so, you can align your control measures to emerging threats. Another framework is the Cyber Kill Chain framework, a model for the identification and prevention of cyber intrusion activity. Additionally, you can target your individual assurance (red teaming, third-party audits, penetration testing, source code reviews) toward high-risk digital assets. Major issues must be promptly assigned, prioritized and remediated.
4. Other Considerations
Here are three additional considerations to further boost your crown jewels protection:
- Cloud services: If your crown jewels are hosted in the cloud, leverage native tools such as Cloud Security Posture Management (CSPM), Cloud Access Security Broker (CASB), Cloud Workload Protection Platform (CWPP) and more. ISACA highlights the importance of aligning cloud initiatives with business objectives to ensure critical data remains secure and compliant with regulations.
- Secure-by-design: Embed key controls deep into the design stage, ensuring new systems are secure by default. This also removes the unnecessary cost and complexity associated with bolting security later on.
- Third-party contracts: Mandate legally enforceable security controls into third-party contracts. Crown jewels should be defined clearly in the vendor’s contract.
Collaboration Required to Protect Crown Jewels
Identifying and protecting crown jewels requires collaboration between cybersecurity teams, business units and leadership. Regular audits, network segmentation, access management and employee training are critical to building a robust defense strategy. As ISACA emphasizes, protecting these high-value assets preserves business continuity and ensures that limited security resources are applied where they matter most.
Author’s note:The views expressed in the article are mine and do not necessarily represent the views of my employer.
