It’s a sunny morning in the office, and you’re not thinking about cybersecurity. In fact, why would you? There are deals to close, emails to respond to, and projects to complete. The vibe of the office feels normal, but outside this calm, there’s a digital world looming, its shadows shaped by clouds of threats, risks, and—if you look close enough—opportunities.
You’ve heard about cybersecurity, of course. The term is thrown around with the same limited understanding as “cloud” or “AI.” Until it lands on your doorstep. Maybe there was an email that looked a little off, or that strange message a client called about regarding an account issue, that no one in your office seemingly sent him. You’re not sure what to make of it all, but a knot of worry begins to tighten in the background.
You grab the dusty compliance binder that’s been sitting on the shelf since you put it there two years ago, hoping to discover some quick knowledge, only to find lists of equipment you replaced months ago, phone numbers of vendors you no longer work with, and the name of the compliance manager who retired six months ago and moved to Florida. Realizing how neglected your data care has become, you’re unsure of the next step. This is where a cybersecurity framework comes into play. It’s not just a set of technical jargon or complex codes. The framework is a guide, a roadmap, a way to make sense of the unseen risks that hover over every business. And here’s the key—it’s not about starting with technology or buying the latest equipment. It’s about something much more fundamental: governance.
Perhaps governance sounds like a busy word, one you’d rather not deal with on a Tuesday morning, but it’s crucial. Governance is, simply put, understanding your business, your mission, and your goals. This is not the same mission and goals you created for your business plan. This is your cybersecurity mission and goals. Before you even think about cybersecurity, you need to sit down and ask: “What do we stand for? What’s our tolerance for risk? And who, in this company, is responsible for managing it?”
This is where the cybersecurity framework begins. Fortunately, the National Institute of Standards and Technology (NIST) lays out a clear process to follow (Read it here). The first version of the NIST framework gave us five steps: Identify, Protect, Detect, Respond, and Recover. Version 2.0 adds a sixth, “Govern,” recognizing that understanding your business is where cybersecurity really starts.
Think of it this way: if your company was a ship, governance is deciding where you’re headed before you even push off from the dock. Are you sailing through calm waters or navigating risky, stormy seas? How much danger are you willing to accept before you change course? Without understanding that, no amount of protection will truly keep your business safe.
Once you’ve set your course, you can begin identifying what needs protecting. The next step in cybersecurity is simple but often overlooked: what are your assets? You can’t protect what you don’t know you have. Each asset has a role to play, and each one represents a risk if left unguarded. From the hardware and software you use to the people who log in every day, everything is an asset.
This part of the framework is often called dynamic discovery. You don’t record your inventory once and forget about it. Instead, you stay on top of changes, classify your critical data, and record important hardware. This is about knowing your attack surface. This isn’t just about your internal operations; vendors, contractors, and third-party services can all expand your attack surface. Imagine the attack surface as the doors and windows on the ship—some are open, some closed. Which ones are vulnerable to the outside world, and which ones will let water in if the waves hit you broadside? I know I’m stretching this analogy, but I want to illustrate the impact of neglectful data care. Once you’ve identified your assets, it’s time to learn about protecting everything.
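As an added illustration of the “dynamic discovery” idea above (example code written for this post, not something NIST or the original author provides), the script below compares the inventory recorded in the compliance binder against what a fresh discovery pass actually found, and reports the drift that matters: untracked devices, retired gear still on the books, assets with no owner, third-party systems, and newly opened “doors and windows.” All asset names and data are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    owner: str                        # person or vendor accountable for it
    criticality: str                  # "high", "medium" or "low"
    exposed: frozenset = frozenset()  # services reachable from outside the network
    third_party: bool = False         # vendor / contractor system

# Constructed sample: the inventory as last recorded in the compliance binder
RECORDED = {
    "fileserver01": Asset("fileserver01", "IT", "high", frozenset({"vpn"})),
    "crm-saas": Asset("crm-saas", "Vendor A", "high", frozenset({"https"}), True),
    "old-printer": Asset("old-printer", "Office", "low"),
}
# Constructed sample: what this week's discovery pass actually found
DISCOVERED = {
    "fileserver01": Asset("fileserver01", "IT", "high", frozenset({"vpn", "rdp"})),
    "crm-saas": Asset("crm-saas", "Vendor A", "high", frozenset({"https"}), True),
    "laptop-sales-07": Asset("laptop-sales-07", "unknown", "medium"),
}

def inventory_drift(recorded, discovered):
    """Compare two inventory snapshots and return the changes that need attention."""
    untracked = sorted(set(discovered) - set(recorded))      # on the network, not in the binder
    retired = sorted(set(recorded) - set(discovered))        # in the binder, no longer seen
    new_exposure = {}                                        # services opened since last review
    for name in set(recorded) & set(discovered):
        opened = discovered[name].exposed - recorded[name].exposed
        if opened:
            new_exposure[name] = sorted(opened)
    unowned = sorted(a.name for a in discovered.values() if a.owner == "unknown")
    third_party = sorted(a.name for a in discovered.values() if a.third_party)
    return {"untracked": untracked, "retired_but_recorded": retired,
            "new_exposure": new_exposure, "unowned": unowned, "third_party": third_party}

def review_needed(drift):
    """True when any finding should trigger an inventory review."""
    return any(drift[k] for k in ("untracked", "retired_but_recorded", "new_exposure", "unowned"))

if __name__ == "__main__":
    for key, value in inventory_drift(RECORDED, DISCOVERED).items():
        print(f"{key}: {value}")
```

Run it on a schedule against real discovery output and the binder stops going stale between annual reviews.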
Protection Of Your Assets With A Cybersecurity Framework
Protection sounds like a straightforward word, but it covers a lot of ground. NIST frames it around the three pillars of information security: protecting your data’s confidentiality, integrity, and availability.
Confidentiality preserves authorized restrictions on data access. It means making sure only the right people can access sensitive information. This is where controls like data encryption and passkeys come into play.
Integrity is about ensuring that your data isn’t tampered with—guarding against improper modification or destruction of data. Think of it like a lock on the door, making sure everything inside stays as it should be.
Availability is making sure that data is available when you need it. This is important for minimizing downtime and keeping your business going when things go bad. After all, what good is a locked security chest if no one can open it when you run into trouble?
Detecting The Storm
The next pillar that NIST mentions is detection. Detection is essential. But here’s the truth: no matter how well you protect your business, threats will always be out there, waiting. Detection is your radar. It’s about keeping an eye on the horizon, spotting storms before they hit. Using tools like Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR), you can monitor for signs of trouble, both inside and outside your company.
This is also where security systems like SIEM (Security Information and Event Management) come into the picture. Think of SIEM as the captain of your ship, coordinating all the crew’s efforts to keep things safe. If something unusual happens—if a storm’s brewing on the horizon—SIEM raises the alarm and sets a course for a response.
Respond And Act Fast
But it’s not just about watching for danger. It’s also being ready to act. If a threat is detected, your tech team must respond quickly and effectively. SOAR (Security Orchestration, Automation, and Response) can handle this by acting as your automated playbook, guiding your team through each step of the response process. When something happens, SOAR ensures the right actions are taken at the right time, reducing the impact on your business and ensuring that no steps are missed along the way. It streamlines security operations so security analysts can focus on more important tasks.
As useful as SIEM and SOAR are, they are expensive services and a financial strain until your company has matured to a level where the expense is worth the service. Short of that, there are lower-cost alternatives available in the industry, such as XDR, an extended version of EDR and MDR that incorporates some of the automation features of SOAR and SIEM. (Read more about XDR here).
Recovering And Getting Back To Business
Recovery is the final step in the cybersecurity framework. No matter how prepared you are, sometimes the storm will hit. Sometimes, damage will be done. But that doesn’t mean the ship is lost. The recovery process is about getting back on course. It’s about verifying that the data you’ve stored is still intact. More importantly, it’s about learning from the incident, notifying clients and stakeholders, and improving your defenses for the next time.
Building a cybersecurity framework isn’t just a technical exercise. And it’s not a training session to teach your staff about cybersecurity and data care. It’s a process of understanding your business, identifying risks, and putting tools in place to protect your business against them. It’s not about fearing the digital world, but about guiding your crew with confidence and control, and learning from mistakes.
The last word I will put out there is: Review. Remove the compliance binders from the shelf at least once a year, dust them off, and conduct a tabletop exercise session (TTX) to make sure they’re updated and relevant. TTXs are important so your team stays current with your company’s compliance obligations and industry cybersecurity regulations, and most importantly, so they know what to do if an incident should occur. You don’t want people running for the compliance binder trying to find the section on how to properly shut down an asset or which industry regulations dictate the steps you need to take to comply.
If it’s been a while, reach out to your insurance agent to review your cyber liability policy. Don’t have cyber liability insurance yet? Now is the time to find one and have that conversation. Unsure what a TTX (tabletop exercise) entails? Contact your cybersecurity attorney or IT managed service provider. If you don’t have one, or both, make some calls. Find out how a TTX can help your business deal with growing threats.
Despite the unpredictable nature of the cyber world, a reliable cybersecurity framework can provide you with the confidence to protect your data, business, and reputation, and to navigate toward safer waters. As the winds change along your journey, you’ll have the knowledge to properly adjust