NIST – Achieving Alignment in Cybersecurity
Technology has always been a dynamic market. The industry's focus has moved from hardware and software to virtualization and the cloud, but data has clearly become the true prize, and in the unpatrolled world of the Internet it is up to you to secure it. You can have the fastest car in the lot, but take it down a dirt road and you're in trouble. The difficulty with protecting data has so far been the lack of a standard way to go about it; the Cybersecurity Framework (CSF) developed by the National Institute of Standards and Technology (NIST) provides the foundation that has been missing.
Although NIST is part of the Department of Commerce, companies are not mandated to follow its standards unless they do business with the Federal Government and compliance is a contractual provision. For businesses that do not serve the government, the value of the CSF is a common language for cybersecurity and a way to future-proof your security posture against regulations still to come. Both the California Consumer Privacy Act and the New York Department of Financial Services Cybersecurity Regulation draw on NIST guidelines, and many other states are rolling out laws that require businesses to have formal cybersecurity policies.
The topic of cybersecurity is often met with an "it's not going to happen to me" attitude, even though you have probably received breach notification emails from companies you have given your personal information to. In 2018 alone, 5 billion sensitive records were compromised. Picture for a moment how your business would be affected if you had to email your employees and customers to tell them their personal information had been compromised. Will they trust you moving forward? What will you need to do to repair the relationship? What fines will regulators impose for the breach?
The NIST framework can be applied to a business of any size. Getting your arms around the basics is the best way to start building your cybersecurity posture. The core of the framework is broken down into five functions (the 2024 revision, CSF 2.0, adds a sixth, Govern, covering policy, roles and risk-management strategy):
Identify – Build an inventory and understanding of your systems, people, assets, data and capabilities, and of the risks to them.
Protect – Implement safeguards (access control, awareness training, data protection, maintenance and protective technology) and keep them current.
Detect – Put in place processes and procedures for timely detection of cybersecurity events; the faster an incident is noticed, the smaller the loss.
Respond – A written incident response plan spells out the how, who and what in advance, when there is no time to waste.
Recover – Create a plan for resilience and for restoring capabilities and services that an incident impaired, and rehearse it.
Beyond the potential loss of business and damage to your reputation, a data security breach itself can cost a significant amount of money, from data recovery to fines. By working through the five NIST functions as the starting point for your framework, you will be able to gauge your acceptable level of risk and plan where action is needed in your environment. This can be done in house if you have the expertise, but an outside specialist will assess your infrastructure from a different perspective and is usually the best source for up-to-date information and process control. Whatever your path, it needs to get done.
Mythos Technology is an IT consulting and management firm that provides Managed Technology Services including hosted cloud and compliance solutions. For more information, please CONTACT US or call (951) 813-2672.