The National Institute of Standards and Technology (NIST) created the Cybersecurity Framework (CSF) to give businesses a foundational structure and a common language for addressing their own individual security needs. As larger businesses invest heavily in cybersecurity, bad guys are turning their focus to small businesses, which are perceived as easier targets. The NIST CSF is composed of five critical functions, or best practices, that are also referred to as the Framework Core: Identify, Protect, Detect, Respond and Recover. In our three previous articles we covered what NIST is and the need for some form of cybersecurity posture, and we discussed how to identify what you need to protect and how to protect what’s most important. In this article we wrap up the NIST topic by discussing how to detect, respond to and recover from a cybersecurity event.
According to Verizon’s 2019 Data Breach Investigations Report, 56% of breaches took months or longer for the organization to discover. Detection involves developing and implementing appropriate activities to identify a cybersecurity event, and it is arguably one of the most important functions, as a breach or event can be life or death for your business. Your system should have continuous security monitoring that is designed to look for anomalies and events and to report on them in a timely manner. In addition, employing threat hunting activities will give you increased visibility into your network, allowing for quick detection.
It can take nearly 279 days to identify and contain a security breach, according to the Cost of a Data Breach Report conducted by IBM Security in 2019. Having a response plan will greatly assist in ensuring your business does not waste as much time. Once an event has been detected, you must work immediately to prevent expansion of the threat, mitigate its effects and correct any damage. Under the response function you must also communicate with your internal and external stakeholders about the breach, as directed by governmental authorities.
Once you’ve detected and responded, you are on to the final function: recovery. Recovery is the time to reflect on the event and develop process improvements that incorporate lessons learned for future activities. At this time you may also need to communicate with outside sources, such as Internet service providers, owners of attacking systems, victims, etc. Recovery is also the time to repair relationships with your clients. The way you handle it is an opportunity to gain greater transparency and trust with your internal (e.g., staff) and external (e.g., clients) stakeholders.
Small businesses often have more to lose when trying to recover from a security event. Such events are costly, from technical remediation and potential fines to loss of work productivity and reputation. Trust is the fuel that drives business relationships and success. Adding a reputable framework like NIST to your cybersecurity program helps nurture client confidence in your organization, enhances your reputation as a trusted vendor and helps you stand out against your competition. Working with an experienced cybersecurity expert is critical in making sure that your assets are protected from breach and exploitation.
Mythos Technology is an IT consulting and management firm that provides Managed Technology Services including hosted cloud and compliance solutions. For more information or copies of previous NIST articles, please visit www.mythostech.com or call (951) 813-2672.