A comprehensive approach to securing your organization against cyberattacks
Cybersecurity will always be a moving target for businesses. Although achieving a 100% secure environment is impossible, adopting best practices can significantly shrink the threat landscape, lessen the impact of malicious actors and enable businesses to recover quicker from potentially crippling cyberattacks.
Security leaders must devise strategies to stay ahead of cyber criminals who continuously attack organizations with ever-evolving approaches. But how can they keep up with what seem to be innumerable threats? The NIST cybersecurity framework details how organizations can strengthen their cybersecurity posture by adhering to best practices.
Integrating the principles of the NIST cybersecurity framework with comprehensive employee training will equip security teams and the businesses they support with the necessary preventative tools and proactive defenses to manage the current threat landscape effectively.
Why NIST Now
The NIST cybersecurity framework provides a holistic, layered approach to cybersecurity defense that involves several key elements for structuring cybersecurity plans, including the following security actions: Identify, Protect, Detect, Respond, Recover and Govern.
Identifying Assets and Risks
To fully protect an environment, you must first know what assets are connected to it. In today’s highly connected world, devices can range from laptops and smartphones to cameras and sensors. Then you must determine the risk each device poses to the overall environment. Risk assessment must include physical and virtual assets and anything tapping into the environment from remote locations.
End-of-life systems represent a significant vulnerability and increase an organization’s attack surface. If a device or application is no longer supported by the vendor, it can no longer be patched. Cybercriminals are aware of the vulnerabilities of these dated systems, so organizations should proactively replace end-of-life systems and software.
Identify all parties with privileged access to your environment. Because digital businesses today are highly connected with partners, organizations are only as secure as the weakest link in their supply chain. To ensure your organization's security, it is important to vet partners accessing your network and ensure their cybersecurity practices are robust and aligned with yours.
Protecting Critical Infrastructure and Data
Starting with the login process, multi-factor authentication (MFA) makes it much harder for cybercriminals to gain unauthorized access to networks or systems. Using this multi-step approach to access a system reduces the risk of hackers gaining access by compromising the environment with a single factor, such as a password.
On the other side, firewalls keep track of all active connections on a network, preventing potentially dangerous traffic from gaining access. Endpoint protection platforms (EPP) can also block malware and other threats from entering a network on any mobile and fixed device. The platforms identify security gaps and perform automated remediation actions, such as quarantining files to prevent the spread of malware.
Email filtering and web security provide additional layers of protection to prevent the introduction of cyber threats into the organization through common attack vectors like phishing emails and malicious websites. These filtering technologies can block access to malicious websites and downloads, preventing employees from inadvertently exposing an organization to threats.
Cloud-based security tools, like remote browser isolation, can help lock down threats in an unconnected environment to ensure they don’t infect the surrounding network. This type of sandbox environment can test suspicious content before allowing it to execute on an end user’s device.
Detecting Anomalies and Events
Not all threats will be kept off the network, and that’s when detection becomes crucial for security teams. Various detection and response technologies—Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Managed Detection and Response (MDR), and Network Detection and Response (NDR)—are designed to identify potential security breaches happening across different parts of a network and take action to mitigate them.
Artificial intelligence is increasingly used in cybersecurity, including in detecting threats. AI monitors behavior patterns and identifies anomalies that could indicate a potential cyberattack, even if the specific threat is unknown. AI is being leveraged in detection technologies to stay ahead of the evolving tactics used by cybercriminals, which unfortunately also include AI to craft very convincing malicious content.
Responding to an Attack
Organizations must create a well-defined incident response plan. Such predefined policies will detail steps following a cyberattack and can be integrated into detection and response systems. When working with a managed security services provider (MSSP), the provider would work with the security team to define the appropriate responses to be taken depending on the type of threat or attack.
Security Operations Center (SOC) teams should outline the steps to take when a threat is detected, including actions like quarantining devices on a network to prevent the spread of an attack. Many technologies, such as EDR, MDR, and NDR, can be instrumented to automate actions such as quarantining devices, allowing for a more rapid and coordinated response to detected threats.
Recovering with Confidence
Regularly scheduled, encrypted backups are critical. Encrypted backups are essential for recovering from ransomware and other attacks that can lock down access to data and systems. Secure, encrypted backups may give organizations the confidence to ignore ransomware attacks that literally demand a ransom to restore systems.
It is imperative that backups are stored separately and in multiple locations, both on-site and off-site, to protect against physical threats such as floods, power outages, or natural disasters. Backups must be maintained separate from the main network to prevent them from being compromised in an attack. How often a company backs up data is critical to the strategy because it will guarantee data isn’t lost between backup windows and that systems can be recovered from a clean backup if there was a delay between the breach and execution of the threat.
It should be noted that NIST also includes a principle around Governance, which defines specific roles, authorities, and policies—essentially, those in the organization who are responsible for overseeing the cybersecurity strategy.
Empowering People with Security Knowledge
Cybersecurity isn’t only about technologies and tools. It is imperative that organizations invest in comprehensive cybersecurity training and awareness for end users. Training courses must evolve as cybercriminals develop more sophisticated social engineering methods. For instance, phishing tests are a common way companies can assess their employees' cybersecurity awareness. Phishing is the most common type of social engineering attack that can use spoofed email addresses and links to trick people into providing personal data or other information that criminals seek. As today’s cyberattacks exploit human vulnerabilities, regular cybersecurity training keeps employees informed on cybersecurity risks and best practices—as employees are often the first line of defense against attacks.
Cybercrime isn’t going away. Adopting these best practices will help prevent such incidents from devastating operations. Robust and consistent cybersecurity measures significantly reduce the potential damage from malicious actors and decrease the likelihood of compromised critical systems and data.