Global Cyberattacks on the Rise
A recent report from Check Point has highlighted a concerning trend in the world of cybersecurity: global cyberattacks have seen a sharp increase over the last few years. In fact, cyberattacks rose by 38% in 2022 alone. This surge in attacks is coupled with the rising cost of data breaches, which have reached an average of $9.44 million in the US and $4.25 million globally in 2022. With these figures in mind, preventing cyberattacks has become a top priority for organizations heading into 2024.
NIST’s Updated Cybersecurity Framework
In early August, the National Institute of Standards and Technology (NIST) unveiled an update to its Cybersecurity Framework (CSF). Known as CSF 2.0, this new draft reflects NIST’s inclusive and responsive approach to risk management for mitigating the cost and frequency of cyberattacks. To develop this updated framework, NIST incorporated valuable feedback from Fortune 500 companies that are on the front lines of cyberattacks.
Four Major Themes in CSF 2.0
NIST’s CSF 2.0 identifies four major themes that carry significant business impact for managing cyber risk. These themes are:
1. Emphasizing Continuous and Quantitative Risk Assessment
The cornerstone of a robust cybersecurity program is continuous risk assessment. Organizations must continuously evaluate their risk posture, understand their critical IT assets, identify threats, assess security weaknesses, and determine the likelihood of these weaknesses being exploited. The Cybersecurity and Infrastructure Security Agency (CISA) recommends that organizations regularly conduct cyber-risk assessments to improve cyber resilience and meet cyber insurance requirements. Automation and AI-based tools play a crucial role in enabling organizations to perform near real-time risk assessments, keeping pace with the ever-evolving threat landscape. However, it is essential for organizations to view risk assessment as a collaborative effort that involves all departments. By investing in risk assessment and analysis, organizations can better utilize data and make informed decisions to strengthen their cybersecurity defenses.
2. Prioritizing Continuous Improvement
Cybersecurity is an ongoing journey that demands a culture of continuous improvement. It is not enough to simply implement the latest recommended cybersecurity measures; organizations must adopt a holistic approach with full-fledged support throughout the entire organization. Given the rapid pace at which new vulnerabilities and exploits emerge, constant adaptation and improvement are vital to keep every attack surface protected. NIST’s updated draft introduces an Improvement category in the Identify function, emphasizing the need for ongoing enhancement. Furthermore, the draft addresses the importance of cybersecurity risk management, governance, and managing third-party risks. By fostering a culture of continuous improvement, organizations can stay ahead of evolving threats and minimize cybersecurity risks.
3. Strengthening Supply Chain Risk Management
Supply chains have increasingly become a preferred target for malicious actors. Notable incidents, such as the SolarWinds attack and the Log4j exploitation, have demonstrated the vulnerabilities within supply chains. Gartner predicts that by 2025, 45% of global organizations will be impacted by a supply chain attack. Many organizations struggle to create a software bill of materials (SBOM) for their applications, leaving gaps in protection. NIST’s updated draft emphasizes the importance of agility and accuracy in supply chain risk management. Organizations are warned to pay attention to the precision of their risk management efforts, including contractually requiring suppliers to provide and maintain component inventories (SBOMs). As supply chains play a critical role in organizational operations, precision in risk management is crucial for staying ahead of potential attacks.
4. Enhancing Implementation Examples
The first draft of NIST’s framework provided some implementation examples, but it fell short in terms of quantity. Recognizing the need for additional resources, NIST’s updated draft includes more practical application examples. By offering a wide range of examples, it gives CISOs and other security leaders clearer, actionable steps to implement effective security measures. This expanded set of implementation examples demonstrates NIST’s commitment to creating a more functional, real-world, and responsive cybersecurity management process. As organizations face increasing complexity, tool sprawl, expanding attack surfaces, and growing regulatory pressures, automated and AI-powered tools that provide a unified view will be critical.
The Path Forward
NIST’s updated Cybersecurity Framework lays out actionable steps for CISOs to adapt and align their organizations with the dynamic nature of the cybersecurity landscape in 2024 and beyond. Continuous and quantitative risk assessment enables organizations to proactively identify vulnerabilities and prioritize mitigation efforts. A culture of continuous improvement ensures that organizations continuously adapt and enhance their cybersecurity defenses. Strong supply chain risk management is essential to protect against growing threats in the interconnected business ecosystem. Finally, the enhanced implementation examples provided by NIST empower organizations to apply best practices effectively.
As the threat of cyberattacks continues to increase, organizations must prioritize cybersecurity and invest in the necessary tools and resources to protect their valuable data and systems. Collaboration, engagement, and education across all departments are crucial to creating a culture of security. By embracing NIST’s updated framework and incorporating its principles, organizations can develop a comprehensive cybersecurity program that mitigates risk, safeguards critical assets, and ensures resilience in the face of evolving cyber threats.
Securing the digital landscape requires a collective effort. Governments, businesses, and individuals all have a role to play in fostering a secure cyber environment. The updated NIST framework provides valuable guidance for organizations, but it is crucial to remain vigilant, adapt continuously, and stay informed about emerging threats and best practices in cybersecurity.