For businesses in the early stages of building their IT security strategy, the decisions that need to be made can be overwhelming. Dealing with something as multidimensional as cyber security needs a framework that helps to filter out the noise and focus on what really needs to be done. Of the many models that exist, one that we find helpful for enterprises early in their security journey is the NIST framework. This has become popular among private sector organisations and even national governments.
NIST outlines a five-step process to improve your security posture: identify – protect – detect – respond – recover. Here we’ll help you relate each element back to how you coordinate your organisation’s security.
Identify
“Develop the organisational understanding to manage cyber security risk to systems, assets, data, and capabilities.”
A strong security response begins with awareness of the vulnerabilities that exist. No two businesses are the same, and so each must build situational awareness based on its own security landscape. This involves assessing which areas of your IT operations are most attractive to cyber criminals, and what types of attacks would likely cause the most significant damage.
Of course, this responsibility doesn’t lie only with IT. Every area of the business must have a clear view of how IT fits into their operations and any vulnerabilities that may exist. The role IT can play here is in helping others in the business to understand what they should be looking for and what steps they can take to test potential vulnerabilities.
Protect
“Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.”
To protect your environment, you need to have secure practices built into how your business operates. This means having a well secured network that can safely support a range of connected devices. These should be reinforced by clear policies around IT usage and awareness of any risky behaviour among employees. For example, rather than taking a heavy-handed approach towards staff using their mobile devices for both work and personal purposes, instead educate them on the risks that exist and how they can be minimised.
Protection is about more than just technology, and often it’s human error that creates vulnerabilities. It’s likely you have many different departments and roles in your organisation, which means you cannot be 100% sure that errors – such as unsafe data handling, clicking on malicious links or being subject to social engineering – won’t be made. Providing training on cyber basics will help keep all staff on top of what safe practices they should adopt.
Detect
“Develop and implement the appropriate activities to identify the occurrence of a cyber security event.”
Being able to detect any unusual activity on your network and take effective action is essential. As the threats your organisation faces grow more sophisticated, you must coordinate technology, people and processes to be able to comprehensively review security intelligence and draw insights. This begins with a robust system of identity management so that any unauthorised activity can be quickly identified. By regularly reviewing which accounts have access to the network, you will be better placed to identify personnel, such as former employees, who should no longer hold credentials.
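As an added illustration of the account review described above (not part of the original article, and not Proact or NetApp tooling), this Python example reconciles a directory export against an HR roster and flags enabled accounts whose owner has left, is unknown, or has not logged in recently. The CSV column names, the 60-day threshold and the sample records are assumptions constructed for the example.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data: a directory export and an HR roster (not real accounts).
DIRECTORY_CSV = """username,employee_id,enabled,last_login
asmith,1001,true,2024-05-28
bjones,1002,true,2024-01-10
cdavis,1003,true,2024-05-30
svc-backup,,true,2024-05-31
dlee,1004,false,2023-11-02
"""
HR_CSV = """employee_id,status
1001,active
1002,terminated
1004,terminated
"""

def review_accounts(directory_csv, hr_csv, today, stale_days=60):
    """Return {username: [reasons]} for enabled accounts that need review."""
    hr = {r["employee_id"]: r["status"] for r in csv.DictReader(io.StringIO(hr_csv))}
    cutoff = today - timedelta(days=stale_days)
    findings = {}
    for acct in csv.DictReader(io.StringIO(directory_csv)):
        if acct["enabled"].lower() != "true":
            continue  # already disabled, nothing left to revoke
        reasons = []
        emp = acct["employee_id"]
        if not emp:
            reasons.append("no owner recorded")  # e.g. shared or service account
        elif emp not in hr:
            reasons.append("owner not in HR roster")
        elif hr[emp] != "active":
            reasons.append("owner is " + hr[emp])
        last = acct["last_login"]
        # A missing last-login date is treated the same as a stale one.
        if not last or date.fromisoformat(last) < cutoff:
            reasons.append("no login in %d days" % stale_days)
        if reasons:
            findings[acct["username"]] = reasons
    return findings

if __name__ == "__main__":
    report = review_accounts(DIRECTORY_CSV, HR_CSV, date(2024, 6, 1))
    for user, reasons in report.items():
        print(user, "->", "; ".join(reasons))
```

Accounts with no recorded owner are flagged rather than ignored, because shared and service accounts are the ones a leaver-driven review tends to miss.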
It’s only by having a clear picture of the threat landscape around your business that you can make informed decisions. For example, we’ve seen phishing campaigns grow in professionalism, to the extent that even the more security-aware employees would have to think twice before clicking. Cyber criminals go to great lengths to make these types of attacks convincing, even studying the personnel and the environment of the organisation they’re targeting. It’s for this reason that you must have detection systems, such as vulnerability scanning & intelligence technology, underpinning all employee activity to ensure appropriate safety measures are in place.
Respond
“Develop and implement the appropriate activities to take action regarding a detected cyber security event.”
In the event of a cyber attack, one of the greatest risks is that the organisation will not be able to respond effectively. Without clarity on who is accountable for doing what and when, there’s a real risk of confusion, responsibility gaps and wasted efforts that serve to make the outcome even worse.
As a business, you need to have clearly defined roles and well-established processes for acting on threats as soon as they emerge. In our work, we tend to find that most mid-sized enterprises don’t have the skilled security people to deal with every incident. That’s why we offer specialised support from our Virtual Security Operations Centres (vSOC) to take care of security updates and provide alerts to situations. This helps to spot the issues organisations can’t see themselves, and puts them in a stronger position for an effective response.
Recover
“Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security event.”
The final step in the NIST process is the one that, by simple human nature, you’re most likely to ignore. We’re conditioned to believe that nothing bad will happen, and if it does, we’ll deal with it then. In reality, it’s when the worst does happen that we’re less capable of good judgement and decision-making. That’s why having a recovery plan is crucial.
As a starting point, accept that attacks and breaches will occur, and that steps you take to restore normal operations will make the crucial difference. Working with your vendors and service providers to assign responsibilities and establish processes for bringing systems back online will help to restore ‘business as usual’ as quickly and seamlessly as possible.
And an additional step… Control
Above all else, the important thing is to be in full command of your environment. In plain terms, this means understanding and agreeing the steps required to deal with a cyber incident. This includes having the technology – from data solutions to security intelligence systems – in place to reinforce your ability to follow the NIST framework steps.
Proact always works with technology partners that can help fortify your security posture. As a NetApp Star Partner, and a multi-time recipient of NetApp EMEA’s Service Partner of the Year award, we know how to leverage the firm’s powerful systems, including ONTAP 9. This software doesn’t just designate and validate authorised users to access storage resources, but also enhances visibility to help monitor the actions and behaviour of users.
When we first look to address the topic of security with a customer, we tend to look beyond just technology by conducting a security maturity assessment. This helps them understand how robust their current security approach is in regard to existing hardware, patches, processes, cloud usage etc., and then establish a baseline that helps to identify their weaknesses and blind spots.
While standing at the start line, it’s common to feel that the measures required to build a security response framework are ‘too much’. To avoid being put on the back foot, now is the best time to take control and lay the foundations for your security journey.