Prolific bank robber Willie Sutton was once asked, "Why do you rob banks?" He responded, "That's where the money is."
One of the first things that you must do to provide resilient security for any software or cyber system is to effectively identify what must be protected from attackers. This is crucial because, if you are unaware of a jewel that your system contains, it's highly unlikely that you would "luckily" protect it properly.
In some cases, you might know of a thing without realizing that it's a prized jewel. Yes, just like the guy who found a quirky painting among grandad's mementos and sold it for $15 at a yard sale, before realizing it was worth $500,000. Don't be that guy.
How Do You Know What Is A Cybersecurity Jewel?
It's rather simple: just ask yourself these questions:
What information or functionality (associated with your cyber systems) is critical to your business's success and its ability to deliver its objectives?
What information stored or processed by your systems can be classified as sensitive, i.e.:
Sensitive to your customers or employees, because it's their personal information?
Sensitive to your company, because it contains your trade secrets, intellectual property, or other information that could give your competitors an advantage?
Any information or functionality in your systems for which you answer yes to any of the questions above is a Cybersecurity Jewel or Cybersecurity Asset (in nerd lingo). This is because the business (and people) are likely to be hurt if an attacker were to tamper with it.
A Cybersecurity Jewel or Asset is any information or functionality that is valuable to an organization or its customers, such that they will be negatively affected if an attacker were to access it, destroy it, or disrupt it.
Social Media Management App Example
Let's say you design a mobile app that provides centralized management of social media platforms to your users. For users to connect more than one platform, they have to pay a monthly subscription.
For that app, a few cybersecurity jewels are:
Authentication tokens (if your users log in with a third-party authentication provider like Google or Facebook)
Posts (i.e. scheduled unique content or critical announcements) that have not gone live yet
Can you think of any others?
Please remember, software innovator, that your skills and/or organization are quite essential to life as we know it today. And for that reason...
Great Software must have Resilient Security.