Blog — Mar 09, 2022

Understanding Sensitive Data Risks and Securing Your Crown Jewels

Data is the lifeblood of today’s enterprises. No matter an organization’s size, specialization, or sector, its operations depend upon storing, handling, processing, and transmitting data.

What’s more, much of the data stored by your organization is considered sensitive and is therefore the target of data breaches and compromises. Failing to secure your crown jewels adequately can prove to be a costly mistake.

According to the Cost of a Data Breach Report 2021, the average cost of a breach rose 10% from 2020 to 2021, reaching $4.24M USD—equivalent to about $160 per record. These costs were determined by accounting for the expenses of process-related activities across four cost centers:

Interestingly, the cost of a data breach is also impacted by variables such as maturity of the cybersecurity posture, adoption of remote work, and the use of ransomware:

To avoid incurring the costs associated with successful data breaches, you must understand the risks associated with the sensitive data your organization has access to, which starts with recognizing what data you possess, and what TTPs attackers will employ to access it.

Once you understand this, your cybersecurity team can prioritize the protection of the data and attack vectors to ultimately reduce the probability of the data breach, avoid the associated potential loss, and reduce your overall risk profile.

What is sensitive data?

Sensitive data encompasses a wide range of information and records, including:

In recent years, owing to the rise in cybercrime and data breaches, regulators have adopted clearer definitions of sensitive data, have tightened up the rules governing its processing, and have enforced penalties against organizations that fail to meet the requirements. For example, the European Union’s General Data Protection Regulation (GDPR) considers the following personal data to be “sensitive” and therefore subject to specific processing conditions:

While a subset of industries, such as healthcare, finance, and legal services, receive most of the attention (and generate most of the data breach headlines), the breadth of information that’s considered sensitive means that essentially every organization actually collects or processes it.

And that means practically every organization—no matter the size—is a target for data breaches.

What value does sensitive data hold for cybercriminals?

Cyberattacks targeting sensitive data are widespread—but why is that the case? While it comes down to money, cybercriminals target sensitive data because it’s valuable to their operations both as a revenue source and as a direct enabler of malicious actions.

First, using ransomware attacks to make crucial information unavailable continues to generate impressive returns for cybercrime gangs, with the average ransom across all industries reaching $570,000 in the first half of 2021—an 83% increase over 2020.

Cyberattackers also routinely employ double- and triple-extortion tactics to compel their victims to pay not only to decrypt their files and data, but also to prevent the publication of PHI/PII—thereby possibly avoiding regulatory fines and keeping the event out of the public’s eye.

Second, whether the victim pays the ransom or not, the attacker may use the stolen data to advance their own activities and sell it on cybercrime marketplaces:

Unfortunately, the proceeds serve as fuel in the engine of cybercrime, self-funding extensive operations and ongoing research into new ways to victimize organizations. Leveraging this ecosystem of experts and ransomware-as-a-service reduces operational costs and accelerates the cybercriminals’ time to market, while leading to growing ransoms and ever-increasing revenue. Dropping operational costs and increasing revenue creates bigger profits, and cybercriminals will always follow the money.

Why are sensitive data risks growing?

Beyond the profit motive, there are two other reasons why the risks associated with sensitive data are growing: increased means and opportunity.

First, although cyberattacks are nothing new, cybercriminals continue to evolve their Tactics, Techniques, and Procedures (TTPs). For example, while ransomware attacks used to be opportunistic, today we see sophisticated operations that target high-value victims and combine automated elements with manual activities. The gangs behind these cyberattacks are organized, well-run, and even leverage role specialization to expand the reach and velocity of their campaigns. What’s more, the rise of ransomware-as-a-service and affiliate marketing models has made it even easier for new operators to break into the cybercrime market.

Second, the unfortunate reality is that cyberattackers have no shortage of attack vectors, due to a combination of factors, including:

How to secure sensitive data and reduce cyber risk

We live in a world where people constantly share personal information online, giving threat actors endless opportunity and time to use personal data as a key that allows easy entry into a target network. So, when thinking about data security, it’s important to consider the probability of your traditional perimeter defenses being bypassed by hackers and how prepared your team is to protect against sensitive data theft.

Here are five recommendations for your cybersecurity team to secure your most sensitive data and reduce your cyber risks:

1. Adopt a risk-based approach

The foundation of any effective cybersecurity program is recognizing that cyber threats are business threats. For most organizations, the best way to direct scarce resources with the goal of reducing cyber risk over time is to adopt a risk-based approach to cybersecurity, rather than a maturity- or compliance-based approach.

To get started with a risk-based approach, organizations can perform a risk assessment to determine all the relevant factors that will shape their program: vulnerabilities, threats, industry factors, regulatory guardrails, and so on.

2. Understand (and quantify) your sensitive data risks

It’s also important to understand your sensitive data risks. While this may seem obvious, asking a few questions may lead to some surprising answers. For example:

3. Prioritize Phishing and Security Awareness Training (PSAT)

Many devastating cyberattacks begin with a phishing email that tricks a user into helping the threat actor. To counter this threat, organizations should provide employees and extended team members with some form of Phishing and Security Awareness Training (PSAT) as an important element of their cybersecurity program.

Effective programs leverage realistic threat scenarios to foster context-relevant (e.g., tailored to your industry and organization) cybersecurity awareness—ultimately driving behavioral change that reduces your risk by building a culture of cyber resilience.

4. Reduce the attack surface

Reducing the cyberattack surface is a crucial element of making it harder for threat actors to break into your environment, and a comprehensive vulnerability management program is a cost-effective way to do so.

A great program includes continuous awareness of the threat landscape (e.g., from advisories, notifications, cyber news, etc.), vulnerability scanning to understand which systems are inadvertently exposed, and disciplined patch management.

5. Be ready to respond

A study commissioned by eSentire shows that it takes a cyberattacker only 20 hours on average to breach an IT environment, locate sensitive data, and exfiltrate it. That means organizations have very little time to stop an attacker who breaks in—and that’s why engaging a Managed Detection and Response (MDR) provider is so important.

MDR leverages multi-signal coverage of the attack surface to quickly identify cyber threats that bypass existing defenses, triggering a combination of automated and human-led response to contain threats before they can become business-impacting events.

Like money in a bank, data is the currency of cybercriminals. Given its high value and importance to both an organization and its customers, it’s easy enough to extract payments from victims of a data breach, especially since this data can be sold in cybercrime marketplaces and employed in subsequent cyberattacks.

To learn how eSentire can help you identify and contain cyberattacks early in the attack chain and prevent attempts to exfiltrate sensitive data, book a meeting with us now.

eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.