In a previous article, we looked at Shielding Your Crown Jewels: A Cybersecurity Framework for Protecting Critical Assets, where we prescribed a 5-step cycle for ensuring protection of critical business assets.
Based on experience supporting organizations in protecting critical assets, I have seen common pitfalls faced by many organizations during the implementation of a framework to protect critical assets. Below is a list of the top common pitfalls:
- Lack of a framework for protection of critical assets: Failure to define a framework for protection of critical assets is a common pitfall. An organization could have programs run in silos without proper coordination, leaving loopholes in the protection of assets.
- Identify critical assets: One common pitfall is failing to identify all critical assets, or focusing only on obvious assets like financial data while overlooking other important data such as employee records. It’s important to take a holistic approach to identifying critical assets.
- Assess the risk: A common pitfall is failing to accurately assess the risk of each critical asset. This could be due to a lack of expertise or resources to conduct a thorough risk assessment, or a failure to consider all possible risks.
- Implement protective measures: A common pitfall is implementing the wrong protective measures or failing to implement them effectively. For example, implementing encryption but failing to properly manage the encryption keys, or implementing access controls but failing to properly define user roles and permissions.
- Monitor and test: A common pitfall is failing to monitor and test protective measures regularly. This could be due to a lack of resources, or a failure to prioritize monitoring and testing in the face of other demands on the organization.
- Continuously improve: A common pitfall is failing to incorporate the latest security trends and technologies effectively into the existing framework. This could be due to a lack of resources or a failure to prioritize continuous improvement.
Conclusion
It’s important to look at the common pitfalls at each stage of the framework for protecting critical assets so as to avoid them. If you find yourself in one of these pitfalls, remedial action is required to rectify the defect.