Consider This Cyber-Strategy for 2018: Adopt a Common Language for Cybersecurity
Security fragmentation is a recurring issue amongst many if not all industries. The growing threat of cyberattacks and data breaches is growing, yet the ability for industries to create standards is lacking. It's not that there hasn't been improvement - PCI DSS for cardholder data, HIPPA for healthcare, NIST SP 800-171 for department of defense and their supply chain. However, the threat only continues to grow as technology improves. Enterprises have a habit of acting on fear alone, once they become victims or their peers become victims of a cyber threat. In order to overcome the issue of security fragmentation, there must be a single cohesive language for organizations to communicate, and they need to be educated about the importance and benefit of following a framework or standard.
The Need for a Common Language for Cybersecurity
We as businesses leaders need to decide how we are going to improve the strength of our organizations and industries. As it stands, most have their own security standards or no standards at all. It is very ineffective and hard for others to be on the same page across industries because there is no way for us to communicate with each other when one industry is speaking about cyber in a different languge than another. Even within an organization, employees can fail to share information with each other because explaining to various departments seems too complex. Cybercriminals will undoubtably find the vulnerabilities created by a lack of understanding and communication, and inability for security stakeholders to translate the importance of certain cyber standards to non-security stakeholers and departments.
Part of running a proactive cybersecurity program is realizing that cyber isn't just an Information Technology problem. The reality is that security efforts only exist to better support and protect all business functions. Without the effort and understanding of all business areas, a security team's efforts to standardize cybersecurity tends to also be less effective and efficient than it would be otherwise.
NIST CSF: The Gold-Standard for All Organizations
Former President Obama recognized this problem in 2013 and gave an executive order that attempted to standardize best cybersecurity practices. This led to the creation of the Cybersecurity Framework (CSF), the most thorough Framework created to date that provides a common language for cyber across industries. The National Institute of Standards and Technology (NIST) lead the creation of the Framework and involved over 3,000 industry professionals to make the Framework as applicable to real business sitations as possible. Subsequetly, President Trump took the initiative a step further and made the framework a required part of federal agency policy.
The Framework is not just for government use, and it can be adapted to businesses of any size.
The NIST CSF is designed to enhance the security and resilience of the nation’s critical infrastructure, and as best practice for all businesses. The voluntary risk-based framework
integrates a set of industry standards and best practices to help organizations manage
cybersecurity risks. As of 2015, 30% of U.S. organizations were using the NIST CSF, and use is predicted to rise to 50% or more by 2020. With more industries, organizations, departments and stakeholders speaking the same language around cybersecurity, we will have more opportunities to explore solutions to threats and improve upon the solutions that we have already discovered.
Adopt the Framework to Improve Your Cyber Strength
The Framework is designed to be effective and specific in its recommendations while retaining
flexibility. Companies can adjust the focus of the Framework to better serve their business needs. The NIST CSF empowers any organization to significantly reduce cybersecurity risks, better detect and respond to security breaches, and quickly recover from incidents. Businesses should begin to think about when and how to implement CSF into their business if they haven't already.
The Issue: Complexity and Time-To-Value
The NIST website has many resources that can help your cyber team begin the
implementation process. However, the Framework is over 900 controls long and can take months and even years in some cases to implement.
The Cyberstrong Platform cuts through the chaos of implementing cybersecurity best practices, because implementing and following these requirements should be an effort all businesses and organizations should take on. The CyberStrong PowerControls can give your team visbility into all five NIST CSF functions in hours, and can help create an automated roadmap to success for adoption with efficient workflow and operationalization. The CyberStrong PowerControls give a streamlined approach to adopting the framework regardless of company size, and include intelligent threat intel mapped against your current security standards in real-time. Risk assessments are coupled with each control for a visual, agile, and robust approach to assessing and adopting the most comprehensive Framework to-date.