Evolving Technology & the NIST Cybersecurity Framework

As technology becomes more available and integrated into our daily lives and businesses, it is important that we are aware of the vulnerabilities.

Intel recently reported that the “Internet of Things” has grown from 2 billion objects in 2006 to a projected 200 billion by 2020 - that’s 26 smart objects per human on planet earth. In addition, most IoT devices aren't in our homes, cars, or smartphones. Instead, they're consolidated in factories, businesses, and healthcare. Migration of data to third-party cloud providers, mobile services, and applications that involve collecting and analyzing Big Data all run the risk of attack.

Manufacturing alone is projected to have a total worth of USD 2.3 trillion in smart objects by 2025, and healthcare USD 2.5 trillion, out of the global total of USD 6.2 trillion. In healthcare, the cost of cyberattacks on medical devices is expected to reach $101 billion by 2018. Attacks like the WannaCry ransomware from May 2017, which infected about 300,000 computers and digital software in 150+ countries, are just an example of the danger organizations face today, and a call to enact strict cybersecurity measures in order to reduce risk and reduce the cost of an attack if it does break through.

A recent Forbes article stated that most technology is vulnerable and can be hacked, and it's becoming more obvious every day. Thousands of cybersecurity vulnerabilities and breaches are identified every year, regardless of vendors' precision at shutting down an attack. It’s time for businesses to be proactive about their cybersecurity approach.

The National Institute of Standards and Technology (NIST) created a set of guidelines in its framework that attempts to solve this problem of internal cybersecurity management. The framework is nationally recognized, and NIST's publications are required for some organizations. NIST’s framework identifies actions companies can take to become more robust in their cyber posture and, unlike its prior publications, actually explains how to accomplish this. The idea is to check all the boxes within your organization so that you know you’re lowering your risk of an attack, and to be proactive rather than reactive about your cyber posture. NIST calls this “a high-level strategic view of the lifecycle of an organization’s management of cybersecurity risk” with 5 key concurrent and continuous functions: Identify, Protect, Detect, Respond, and Recover.

The NIST Framework is truly applicable to any organization as a jumping-off point to establish its cybersecurity posture. It trades in traditional, more audit-based policies for a risk-based approach to cybersecurity management. It’s a guideline for enterprises to update their risk management approach, as many U.S. organizations across sizes and industries already leverage some type of security framework.

The CyberStrong™ Solution

The NIST CSF is quickly emerging as best practice. CyberSaint’s platform, CyberStrong™, is built upon this gold-standard framework and includes the technical controls in various frameworks depending on your organization’s needs. Utilizing measuring and reporting tools, you can manage and evaluate your organization’s cyber posture in real time from one secure platform in language that isn't restricted to security professionals. Take charge of your company’s cybersecurity posture and communicate to your team, superiors, and board, managing cyber as a business function in your organization and reducing the immense costs that your organization could incur.

Alison Furneaux