A Guide to Understanding and Using the NIST Cybersecurity Framework Core Functions
by Tom Kirkham, CEO IronTech Security
Organizations are being challenged to adjust to a constantly and rapidly evolving cyber threat landscape by staying up to date on threats and vulnerabilities. The National Institute of Standards and Technology (NIST) provides a framework of standards, guidelines, and practices to promote the protection of critical infrastructure. The NIST Cybersecurity Framework is designed to help organizations manage their cybersecurity risk. Its priority-based, flexible, repeatable, and cost-effective approach is easily tailored to any organization.
Every business has unique compliance goals it must achieve. The framework helps organizations understand not only their cybersecurity risks, threats, and vulnerabilities, but also how to reduce them. It also speeds response to and recovery from cybersecurity incidents by prompting cause analysis, driving improvements, and encouraging organizations to learn from incidents.
The Framework Core, organized into five key functions (Identify, Protect, Detect, Respond, Recover), promotes best practices and helps businesses of all sizes better understand, manage, and reduce their risk, as well as protect their networks and data.
The first function, Identify, centers on determining what is at risk and must be protected. This might include sensitive client, patient, or customer files, financial information, exposure to business interruption, critical assets, personal files, and intellectual property, to name a few. List everything that may need protection.
The second function, Protect, addresses putting protection in place for everything on the risk list.
For protection, endpoint detection and response (EDR) plays a critical role. Antivirus only looks for threats it is programmed to detect. Relying on antivirus alone leaves businesses vulnerable to polymorphic malware, advanced threats, malicious documents, encrypted traffic, and more. EDR protects against the widest array of threats by preventing not only known threats but also unknown ones. It allows devices to self-defend and heal themselves by stopping the threat, quarantining it, remediating it, and even rolling it back to return the endpoint to a clean state.
A critical component of protection, continuous cybersecurity training keeps employees aware of current risks and threats. For example, consider Covid-19 phishing emails; people naturally seek out information and can’t help but click on a link. That one click can expose the organization to a ransomware attack. Employees need constant updating on today’s threats.
Without data backup and disaster recovery, should a ransomware attack occur and the business cannot or chooses not to pay the ransom, files may be inaccessible for days or even weeks.
The third function of the framework is Detect. A full 65% of cyber threats go undetected. Companies must have software in place to detect intrusions in real time. For detection, EDR continuously monitors a system for threats and alerts the organization.
The fourth function is Respond. Despite the best efforts, there will always be a chance of a data breach. It’s the human error factor. No system can ever be 100% secure. To be in a position to respond, a plan must be in place for keeping business operations up and running, for investigating and containing the attack so it doesn’t spread, and for immediately notifying customers, employees, and anyone else whose data may be at risk.
The fifth and final function is Recover. Plan for the worst. If an organization cannot access its payment or accounting software, or misses opportunities to connect with potential clients or customers, the result can be devastating. Imagine not being able to operate for at least seven days, which is the average downtime following a ransomware attack.
Address how to repair and restore equipment and all services that have been affected. Update cybersecurity policies to include lessons learned and any vulnerabilities that were not previously identified or documented.
Again, communication must be ongoing. Coordinate internally with employees and externally with customers. Keep them informed not only of response activities, but of recovery activities as well.
The NIST Cybersecurity Framework is a guide to follow. An organization that follows its principles earns more trust from its clients, who can be confident their data is not vulnerable.
The NIST framework helps organizations better understand, manage, and reduce cybersecurity risks. It assists in determining which activities are most important to assure critical operations and service delivery. In turn, it helps prioritize investments and maximize the impact of each dollar spent on cybersecurity. It is simply good business.
About the Author
Tom Kirkham is founder and CEO of Kirkham IT. Tom founded IronTech Security to focus on cybersecurity defense systems that protect and secure data for the financial, law, and water utility industries. IronTech focuses on educating and encouraging organizations to establish a security-first environment with cybersecurity training programs for all employees to prevent successful attacks. Tom brings more than three decades of software design, network administration, and cybersecurity knowledge to the table. During his career, Tom has received multiple software design awards and founded other acclaimed technology businesses. He is an active member of the FBI’s Arkansas InfraGard Chapter and frequently speaks about the latest in security threats. Watch for Tom’s new book: The Cyber Pandemic Survival Guide - Protecting Yourself From The Coming Worldwide Cyber War.
September 30, 2021