What is a Comprehensive Cybersecurity Strategy? PART 1 – Intro
Part 1 – An Introduction to the NIST Cybersecurity Framework
According to Info Security Magazine, because of the pandemic, 24% of Small and Medium Businesses (SMBs) spend less on cybersecurity despite the increased risks that come with remote work. According to the same magazine, 42% of SMBs cite lack of security expertise as the number one challenge in making their networks and data safe from attacks. Taken together, these figures show the constant risks SMBs face in the current state of the digital cyberworld.
Your business’ cybersecurity posture must prioritize detection, evaluation and mitigation of risks posed by internal and external users who can easily weaken your cybersecurity. Always remember that no matter how secure you think your network and data are, unaware and unprepared users, internal and external, can severely damage your business’ reputation and financial position.
A Comprehensive Cybersecurity Strategy
The cyberthreat landscape is evolving at lightning speed and traditional security measures cannot keep up with it. Experts at the JD Supra Knowledge Center have predicted that a ransomware attack will occur every 11 seconds in 2021. For this reason, it is important that your business develops and implements a comprehensive Cybersecurity Strategy with sound best practices to clearly outline:
- Measures to guard against cyberattacks,
- Proper risk control measures for data protection, and
- Ways to minimize disruption to business operation during or after an attack.
The NIST Cybersecurity Framework
SMBs do not have the same resources that large businesses do, but they are as exposed to cyberattacks, if not more. The result of a cyberattack on an SMB is reduced or lost revenue and increased recovery costs. According to the U.S. National Cyber Security Alliance, 60 percent of small companies fold within six months after a cyberattack. With this in mind, what can an SMB do to become cyber safe?
For this reason, SMBs need to abide by best business practices when it comes to cybersecurity. The National Institute of Standards and Technology (NIST) developed a Cybersecurity Framework (CSF) which offers a simple risk management approach.
The CSF outlines five functions that businesses can perform to prepare and become cyber safe. The functions are:
- Identify – what information, processes, and systems are critical to the operation and must be protected?
- Protect – what safeguards need to be in place to protect the critical components identified above?
- Detect – what processes can be put in place to detect potential unwanted incidents?
- Respond – what steps are in place to respond to an incident? Who will be involved in the response?
- Recover – what processes will be in place to assess and implement new activities to make the business further resilient to cyberattacks?
In my next blogs I will explore in more detail what it takes to build a strong cybersecurity framework for your SMB.