What We Do
How We Do
Get Started

Understanding Sensitive Data Risks and Securing Your Crown Jewels

BY eSentire

March 9, 2022 | 8 MINS READ


Cybersecurity Strategy

Sensitive Data Protection

Want to learn more on how to achieve Cyber Resilience?



Data is the lifeblood of today’s enterprises. No matter an organization’s size, specialization, or sector, its operations depend upon storing, handling, processing, and transmitting data.

What’s more is that much of the data that’s stored by your organization is considered sensitive and is therefore the target of data breaches and compromises. If your organization can’t secure your crown jewels adequately, it can prove to be a costly mistake.

According to the Cost of a Data Breach Report 2021, the average cost of a breach rose 10% from 2020 to 2021, reaching $4.24M USD—equivalent to about $160 per record. These costs were determined by accounting for the expenses of process-related activities across four cost centers:

Interestingly, the cost of a data breach is also impacted by variables such as maturity of the cybersecurity posture, adoption of remote work, and the use of ransomware:

To avoid incurring the costs associated with successful data breaches, you must understand the risks associated with the sensitive data your organization has access to, which starts with recognizing what data you possess, and what TTPs attackers will employ to access it.

Once you understand this, your cybersecurity team can prioritize the protection of the data and attack vectors to ultimately reduce the probability of the data breach, avoid the associated potential loss, and reduce your overall risk profile.

What is sensitive data?

Sensitive data encompasses a wide range of information and records, including:

In recent years, owing to the rise in cybercrime and data breaches, regulators have adopted clearer definitions of sensitive data, have tightened up the rules governing its processing, and have enforced penalties against organizations that fail to meet the requirements. For example, the European Union’s General Data Protection Regulation (GDPR) considers the following personal data to be “sensitive” and therefore subject to specific processing conditions:

While a subset of industries, such as healthcare, finance, and legal services, receive most of the attention (and generate most of the data breach headlines), the breadth of information that’s considered sensitive means that essentially every organization actually collects or processes it.

And that means practically every organization—no matter the size—is a target for data breaches.

Why value does sensitive data hold for cybercriminals?

Cyberattacks targeting sensitive data are widespread—but why is that the case? While it comes down to money, cybercriminals target sensitive data because it’s valuable to their operations both as a revenue source and as a direct enabler of malicious actions.

First, using ransomware attacks to make crucial information unavailable continues to generate impressive returns for cybercrime gangs, with the average ransom across all industries reaching $570,000 in the first half of 2021—an 83% increase over 2020.

Cyberattackers also routinely employ double- and triple-extortion tactics to compel their victims to pay to decrypt their files and data, but also to prevent the publication of PHI/PII—thereby possibly avoiding regulatory fines and keeping the event out of the public’s eye.

Second, whether the victim pays the ransom or not, the attacker may use the stolen data to advance their own activities and sell it on cybercrime marketplaces:

Unfortunately, the proceeds serve as fuel in the engine of cybercrime, self-funding extensive operations and ongoing research into new ways to victimize organizations. Leveraging this ecosystem of experts and ransomware-as-a-service reduces operational costs and accelerates the cybercriminals’ time to market, while leading to growing ransoms and ever-increasing revenue. Dropping operational costs and increasing revenue creates bigger profits, and cybercriminals will always follow the money.

Why are sensitive data risks growing?

Beyond the profit motive, there are two other reasons why the risks associated with sensitive data are growing: increased means and opportunity.

First, although cyberattacks are nothing new, cybercriminals continue to evolve their Tactics, Techniques, and Procedures (TTPs). For example, while ransomware attacks used to be opportunistic, today we see sophisticated operations that target high-value victims and combine automated elements with manual activities. The gangs behind these cyberattacks are organized, well-run, and even leverage role specialization to expand the reach and velocity of their campaigns. What’s more, the rise of ransomware-as-a-service and affiliate marketing models have made it even easier for new operators to break into the cybercrime market.

Second, the unfortunate reality is that cyberattackers have no shortage of attack vectors, due to a combination of factors, including:

How to secure sensitive data and reduce cyber risk

We live in a world where people constantly share personal information online giving threat actors endless opportunity and time to use personal data as a key that allows easy entry into a target network. So, when thinking about data security, it’s important to consider the probability of your traditional perimeter defenses being bypassed by hackers and how prepared your team is to protect against sensitive data theft.

Here are five recommendations for your cybersecurity team to secure your most sensitive data and reduce your cyber risks:

1. Adopt a risk-based approach

The foundation of any effective cybersecurity program is recognizing that cyber threats are business threats. For most organizations, the best way to direct scarce resources with the goal of reducing cyber risk over time is to adopt a risk-based approach to cybersecurity, rather than a maturity- or compliance-based approach.

To get started with a risk-based approach, organizations can perform a risk assessment to determine all the relevant factors that will shape their program: vulnerabilities, threats, industry factors, regulatory guardrails, and so on.

2. Understand (and quantify) your sensitive data risks

It’s also important to understand your sensitive data risks. While this may seem obvious, asking a few questions may lead to some surprising answers. For example:

3. Prioritize Phishing and Security Awareness Training (PSAT)

Many devastating cyberattacks begin with a phishing email that tricks a user into helping the threat actor. To counter this threat, organizations should provide employees and extended team members with some form of Phishing and Security Awareness Training (PSAT) as an important element of their cybersecurity program.

Effective programs leverage realistic threat scenarios to foster context-relevant (e.g., tailored to your industry and organization) cybersecurity awareness—ultimately driving behavioral change that reduces your risk by building a culture of cyber resilience.

4. Reduce the attack surface

Reducing the cyberattack surface is a crucial element of making it harder for threat actors to break into your environment and a comprehensive vulnerability management program is a cost-effective way to do so.

A great program includes continuous awareness of the threat landscape (e.g., from advisories, notifications, cyber news, etc.), vulnerability scanning to understand which systems are inadvertently exposed, and disciplined patch management.

5. Be ready to respond

A study commissioned by eSentire shows that it takes a cyberan attacker only 20 hours on average to breach an IT environment, locate sensitive data, and exfiltrate it. That means organizations have very little time to stop an attacker who breaks in—and that’s why engaging an Managed Detection and Response (MDR) provider is so important.

MDR leverages multi-signal coverages of the attack surface to quickly identify cyber threats that bypass existing defenses, triggering a combination of automated and human-led response to contain threats before they can become business-impacting events.

Like money in a bank, data is the currency of cybercriminals. Given its high value and importance to both an organization and their customers, it’s easy enough to extract payments from victims of a data breach. Especially since this data can be sold in cybercrime marketplaces and employed in subsequent cyberattacks.

To learn how eSentire can help you identify and contain cyberattacks early in the attack chain and prevent attempts to exfiltrate sensitive data, book a meeting with us now.


eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.

Read the Latest from eSentire