Cyberattacks are now routine, which means an organisation needs a framework that guides the control and management of cyber risk and the recovery from breaches when they happen.
Frequently Adopted Cybersecurity Resilience Frameworks
Cyber resilient organisations typically use a framework or methodology to help them secure and protect their data and systems from cyberattacks. Two of the most widely recognised and adopted frameworks are:
- The National Institute of Standards and Technology (NIST) Cybersecurity Framework. This framework gives an organisation that lacks security standards a structure for identifying and improving its capability to identify, protect against, detect, respond to, and recover from cyber risks. In the Trends in Security Framework Adoption Survey, 70% of the organisations represented regarded the NIST framework as the standard for information and computer security.
- Center for Internet Security (CIS) Critical Security Controls. This framework is a prioritised set of cyber defences, each of which specifies concrete actions to counter today’s most common attacks on data. Their core benefit is focus: they prioritise a smaller number of actions with a high payoff over an exhaustive list. The controls are also updated regularly and tailored to new and evolving attack techniques.
Assess your cybersecurity risk
Cybersecurity resilience frameworks give organisations, big and small, a security approach that is flexible, prioritised, and performance based. Regardless of size and profile, an organisation should use a framework to identify the areas of its systems that present vulnerabilities, which it can do in collaboration with the relevant sector bodies and organisations that set security standards. Every company needs a process to track its progress: where it is now and where it needs to be. An effective cybersecurity resilience framework describes the current security posture, defines the target security posture, drives continuous improvement, and measures progress towards that target.
Understand the five key functions of cybersecurity resilience
Like any good recipe, cybersecurity resilience has five key ingredients that an organisation needs in order to withstand cyber risks. The NIST framework organises its security measures under five core functions, each of which is broken into categories: Identify, Protect, Detect, Respond, and Recover. (Version 2.0 of the NIST Cybersecurity Framework, published in 2024, adds a sixth function, Govern; the five functions and categories described below follow version 1.1.)
Identify
The objective of this foundational function is to develop an organisation-wide understanding of how to manage cybersecurity risk to systems, assets, data, people, and capabilities, the whole kit and caboodle. The Identify function ensures that all business-critical digital assets are inventoried and managed, and that the cybersecurity risks to them are understood, so that an organisation can focus its efforts consistently with its business needs and risk profile. This function covers five primary categories: risk management strategy, risk assessment, governance, business environment, and asset management.
- Risk management strategy: the development of an organisation’s priorities, risk tolerances, and constraints. These are used to assist in decision-making during operations.
- Risk Assessment: developing a comprehensive understanding of the cyber risks to an organisation’s operations, individuals, and assets.
- Governance: necessary to manage and monitor an organisation’s operational, environmental, regulatory, risk, and legal requirements.
- Business Environment: This covers the definition of the organisation’s mission, objectives, stakeholders, and activities.
- Asset Management: This involves identifying facilities, systems, services, data, and personnel used to accomplish the organisation’s purposes.
Protect
This is one of the most essential of the five functions. It involves developing and deploying suitable safeguards to ensure that critical services continue to be delivered without interruption. The function covers limiting and controlling access to critical physical and digital assets and systems so that cyber breaches are prevented or contained. It has six key categories:
- Protective Technology: This covers the technical security solutions, including the implementation, review, and documentation of log and audit records. It also focuses on protecting removable media, communications networks, and control networks.
- Maintenance: Maintenance, and remote maintenance in particular, must be carried out with great care to prevent unauthorised access. This category also ensures that maintenance is appropriately scheduled, approved, and logged.
- Information Protection Processes and Procedures: Security policies are maintained and leveraged in this category. These policies are first established under the Governance category of the Identify section of a framework.
- Data Security: This category revolves around preserving the confidentiality and integrity of data while keeping it available. The stakeholders responsible for security manage data in a way that fits the organisation’s risk strategy.
- Awareness and Training: Security education must be given to organisation personnel, regardless of position. This training should be carried out to ensure that the protection strategies of an organisation are maintained. To be forewarned is to be forearmed.
- Identity Management and Access Control: This covers the organisation’s management of the identities and credentials of authorised users of its systems, and the secure access controls that ensure only those users, with the appropriate level of privilege, can reach the systems and data.
Detect
This function aims to develop and implement the activities needed to identify a cybersecurity event as rapidly as possible. Its focus is on recognising suspicious activity and quickly assessing its effect on the organisation. The function has three key categories:
- Detection Processes: This category covers the organisation’s definition of the roles and responsibilities for detection, and the maintenance of the activities that detect abnormal events and protect against cyber threats. It includes ensuring that these processes meet the requirements of the industry and are tested and continuously improved.
- Security Continuous Monitoring: In this category, vulnerability scans should be carried out throughout protected systems regularly. The organisation should monitor assets and information technology systems to identify issues in security and measure the ability of the safeguards in place.
- Anomalies and Events: The organisation should detect activity that is anomalous and understand the potential consequences of those events. Detection of suspicious activity must be prompt to keep disruption to systems to a minimum.
Respond
The objective of this function is to develop the actions to be taken when a cybersecurity event is detected. It supports the organisation’s ability to contain the impact of what is, eventually, an inevitable cyberattack. The Respond function covers five key categories:
- Response Planning: Once the Detect function has identified an incident, this category executes the response plan. The plan should be carried out expeditiously, either during or immediately after the cybersecurity event. This is not the phase to dilly-dally.
- Communications: After following the response plans, the concerned stakeholders of the organisation must coordinate the appropriate response activities, and if needed, they may seek assistance from law enforcement. The details of the cyber-attack event should be shared among the concerned individuals inside and outside the organisation to allow others to learn and improve their counter-cyber preparations.
- Analysis: This category revolves around the investigation and examination of the detected event. Analysis of the impact of the incident and the ability of the organisation to act must be involved.
- Mitigation: This involves taking the actions that stop the attack from continuing and spreading, and limiting its potential impact. Mitigating the threat is of utmost importance, but you already knew that!
- Improvements: After the cybersecurity event, the organisation should review the lessons from the previous response to threats in a detailed after-action review. These findings must then be implemented to assist and mitigate similar future events.
Recover
This last function has the objective of developing and implementing the activities that maintain resilience and restore any services or capabilities that were impaired by a cybersecurity breach. The organisation should return to normal business operations promptly to reduce the impact of the attack. The function has three key categories:
- Recovery Planning: Depending on the timeline of the incident, this category can run during or after the event has concluded. Recovery plans should be carried out swiftly, and all affected systems should be addressed, restored, and supported rapidly but in a controlled manner. “Slow is smooth, and smooth is fast.”
- Improvements: This category revolves around the lessons learned during and after the cybersecurity event and how these can improve the organisation’s security strategies for future attacks and encroachments.
- Communications: This involves the coordination of efforts with concerned stakeholders. All recovery plans and strategies should be communicated amongst the involved individuals, whether internal or external, to reduce the damage and protect the organisation’s reputation and good standing.
“Invincibility lies in the defence.” Sun Tzu
That quote rings true if your defence is implemented correctly and maintained, and the people in your organisation, from top to bottom, treat cyber security as a priority. Almost every organisation can benefit from a cybersecurity resilience framework to keep its business secure, from a sole trader right through to a large corporation.
Adhering to a framework demonstrates an organisation’s commitment to protecting data and following security best practice in the interests of all its stakeholders. Adopting a framework does require commitment and investment, but the payoff in terms of risk mitigation is very tangible. Adopting a framework is strongly encouraged, and is often mandatory for an organisation to comply with legal and regulatory requirements.
If done correctly, an organisation builds resilience to existing and evolving cyber risks and prevents financial losses, something we can all agree is a good thing! If the organisation uses a recognised framework effectively, its reputation and credibility are also protected. The last thing any company needs is a reputation and good name that took years to build dragged through the mud. After all, once you have lost the trust of the public, you might as well call it a day.