A key goal of many chief information security officers is to bolster the protections the company uses to safeguard its most critical assets. This type of priority isn’t difficult to understand in the current cybersecurity landscape – 360,000 new malicious files were discovered every day in 2017, and many of these threats have continued into 2018.
However, creating a cohesive security posture is easier said than done for today’s enterprises. As TechRepublic contributor Brandon Vigliarolo pointed out, challenges like a lack of information sharing can create gaps in overall data protection.
To establish more consistent information security standards, the National Institute of Standards and Technology created its Cybersecurity Framework to provide a guide for CISOs and internal security stakeholders.
In the previous part of this series, we provided a primer on the NIST CSF, and examined the first function. To recap, the Identify function requires that organizations develop a better understanding of the systems that make up their critical infrastructure, as well as the risks associated with each of these platforms.
The Identify function provides the foundation, enabling deeper knowledge and understanding. The Protect function of the NIST Framework builds upon this, and offers actionable steps for enterprises to take to ensure the security of their critical informational assets.
Protect: A definition
The second function within NIST’s Framework calls for CISOs and their teams to “develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services,” according to the Framework document. During this function, security stakeholders should look to reduce the impact of a possible cybersecurity event by leveraging best practices for data protection and overall security.
The functions of the framework take place in a logical order. In this way, CISOs can view the Identify function as the foundation for their company’s security posture, and can treat the Protect function as the framing. From here, the other three functions – Detect, Respond and Recover – fill out the rest of the Framework.
The Protect function revolves around limiting and controlling secure access to essential systems and assets, both physical and digital, and putting protections in place to prevent any unauthorized access.
Categories and tasks under Protect
As explained in the primer section of Part 1 of this series, the NIST Framework is made up of five functions, each of which has its own categories, subcategories and tasks. Let’s examine the categories and tasks that CISOs and their teams should undertake under the Protect function:
Protect in the real world: Ransomware
One of the most pressing threats currently is ransomware, and this infection strategy underscores the importance of deploying safeguards specifically to ensure users can access and use the technology supporting crucial business activity.
As Trend Micro research shows, ransomware has been a pervasive threat for some time, with the earliest cases being reported in 2005 and 2006. Ransomware samples have come a long way since then, allowing hackers to expand their reach as well as the ransom amounts demanded.
The common thread running through every ransomware sample and attack is the compromise of critical business functions. Ransomware leverages strong encryption to prevent users from accessing the essential data and applications required for important, daily enterprise activity, thereby pressuring victims to pay the ransom. The approach of hackers here is, “I’ve locked you out of your critical business functions, so your company is losing money. Pay the ransom, or continue on without access to your most essential infrastructure platforms.”
Whereas early ransomware focused on the reward of payment, today’s attacks utilize more of an extortion style. Going back to the definition of Protect under the NIST Framework, this function revolves around putting safeguards in place to ensure the access to and delivery of critical infrastructure systems. In this way, ransomware demonstrates the essential importance of protections for critical business functions.
“Ransomware attacks are all about speed and impact,” said Ed Cabrera, Chief Cybersecurity Officer at Trend Micro. “Cybercriminals know that the faster they can attack and disrupt critical data and systems the higher the likelihood they will be paid and paid well. CISOs have to respond in kind to this evolving risk to operations and develop dynamic protection strategies that focus on prevention.”
Protection efforts will touch every corner of the enterprise, and will involve every employee from the CISO and his or her team to each individual worker. In addition, leveraging a layered approach to data security can help ensure that protection extends across the entire company.
Check in later to read the next part of our series, where we’ll discuss the facets of the Detect function.