The Rising Threat of Global Cyberattacks
In recent years, global cyberattacks have risen sharply, with cybersecurity firm Check Point reporting a 38% increase in 2022 alone. With IBM's 2022 Cost of a Data Breach report putting the average cost of a breach at $9.44 million in the United States and $4.35 million globally, cybersecurity has become a top priority for organizations worldwide as we enter 2024. Against this backdrop, the National Institute of Standards and Technology (NIST) has released a draft update to its widely adopted Cybersecurity Framework (CSF), aiming to give organizations a more comprehensive and responsive approach to managing risk and mitigating cyberattacks.
The Power of Continuous and Quantitative Risk Assessment
Continuous risk assessment is the bedrock of a robust cybersecurity program. By regularly assessing risks, organizations gain insights into their critical IT assets, potential threats, security weaknesses, and the likelihood of exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) recommends frequent cyber-risk assessments to enhance cyber resiliency and meet cyber insurance requirements.
Automation and AI-powered tools play a crucial role in enabling near real-time risk assessment. They help enterprises inventory assets, prioritize vulnerabilities, and estimate the probability and impact of risks as the attack surface continues to evolve. However, because malicious actors increasingly employ AI as well, organizations need to become equally proficient with these tools on the defensive side in order to stay ahead of threats.
Nonetheless, the responsibility of continuous risk assessment does not rest solely on the Chief Information Security Officer (CISO). To effectively manage risks, organizational investments and buy-in should extend across all departments. It is essential for the entire organization to recognize the value of data and embrace risk assessment as a means to optimize its utilization.
The Vital Importance of Continuous Improvement
A culture of continuous improvement is vital in the realm of cybersecurity. Cyber threats are constantly evolving, necessitating constant adaptation and improvement to ensure the prevention of attacks. NIST’s updated draft framework acknowledges the need for continuous improvement by introducing a new “Improvement” category under the “Identify” function.
By updating the definitions of implementation tiers and incorporating factors such as cybersecurity risk management, governance, and third-party risks, the updated draft emphasizes a more holistic approach to risk management. It urges organizations to view cybersecurity as an ongoing journey that requires comprehensive support at all levels.
The Criticality of Supply Chain Risk Management
Attackers, both criminal and state-sponsored, have increasingly shifted their focus toward supply chain attacks in recent years. High-profile incidents like the SolarWinds compromise and the exploitation of the Log4j vulnerability have highlighted how exposed software supply chains are. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains.
In response to these mounting threats, NIST addresses supply chain risk management directly in its updated framework. It emphasizes the importance of agility and accuracy in securing the supply chain, calling for the creation of a software bill of materials (SBOM) for in-use applications. An SBOM does not by itself identify vulnerabilities; it is a detailed inventory of the components an application contains, which can then be matched against vulnerability advisories so that affected components are found quickly, as many organizations had to do when Log4j was disclosed.
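The matching step described above, shown as an added example that is not part of the original article and not NIST's or any vendor's code. It takes a small CycloneDX-style SBOM constructed inline, walks its components (including nested ones), and checks each against a short advisory list. The first advisory uses the real CVE-2021-44228 range for log4j-core in simplified form (2.0 up to but excluding 2.15.0); the second advisory, the package `com.example:widget-lib`, and the SBOM contents themselves are made up for the demonstration.

```python
"""Match components listed in a CycloneDX SBOM against known advisories."""
import json
import re

# Constructed sample SBOM in abbreviated CycloneDX 1.4 JSON shape. Not taken from
# any real application; the versions are chosen to exercise affected and fixed cases.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "application", "name": "billing-service", "version": "3.2.0",
         "components": [  # nested components: a dependency bundled inside the app
             {"type": "library", "group": "org.apache.logging.log4j",
              "name": "log4j-core", "version": "2.14.1"},
         ]},
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.17.1"},
        {"type": "library", "group": "com.fasterxml.jackson.core",
         "name": "jackson-databind", "version": "2.13.4"},
    ],
})

# Advisory feed. CVE-2021-44228 is real; its affected range is simplified here to
# "2.0 <= version < 2.15.0". EXAMPLE-2023-0001 and com.example:widget-lib are
# hypothetical, included so the "no matching component" path is exercised.
ADVISORIES = [
    {"id": "CVE-2021-44228", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "introduced": "2.0", "fixed": "2.15.0"},
    {"id": "EXAMPLE-2023-0001", "group": "com.example", "name": "widget-lib",
     "introduced": "1.0", "fixed": "1.4.2"},
]


def version_key(version):
    """Turn '2.14.1' into (2, 14, 1) for tuple comparison.

    Non-numeric suffixes are dropped, so '2.0-beta9' becomes (2, 0). That is good
    enough for Maven-style versions; a production matcher should use a proper
    version-range library for each ecosystem.
    """
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed (half-open range, as in OSV/NVD feeds)."""
    v = version_key(version)
    return version_key(introduced) <= v < version_key(fixed)


def _walk(components):
    """Yield every component, descending into nested 'components' arrays."""
    for comp in components:
        yield comp
        yield from _walk(comp.get("components", []))


def load_components(sbom_text):
    """Return (group, name, version) for each component in a CycloneDX JSON document."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return [(c.get("group", ""), c["name"], c.get("version", ""))
            for c in _walk(doc.get("components", []))]


def match_advisories(sbom_text, advisories):
    """Return one finding per (component, advisory) pair whose version is in range.

    Components with no version string never match; in practice they should be
    reported separately, because an unversioned entry cannot be cleared.
    """
    findings = []
    for group, name, version in load_components(sbom_text):
        if not version:
            continue
        for adv in advisories:
            same_pkg = (group, name) == (adv["group"], adv["name"])
            if same_pkg and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append({"component": f"{group}:{name}@{version}",
                                 "advisory": adv["id"], "fixed_in": adv["fixed"]})
    return findings


if __name__ == "__main__":
    for f in match_advisories(SAMPLE_SBOM, ADVISORIES):
        print(f"{f['component']} affected by {f['advisory']} (fixed in {f['fixed_in']})")
```

Run against the constructed SBOM, the matcher reports only the nested log4j-core 2.14.1 inside billing-service; the top-level 2.17.1 copy is past the fixed version and jackson-databind has no advisory in the list. Walking nested components matters because transitive dependencies, not direct ones, are where most Log4j exposures were actually found.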
Expanding Implementation Examples for Practical Application
While the initial draft of the NIST framework included some implementation examples, the updated version features an expanded set of practical applications. This addition equips organizations seeking cybersecurity guidance with more resources to implement best practices outlined in the framework.
Providing numerous practical examples empowers CISOs and other security leaders with clear and actionable steps to enhance their organization’s security measures. By including these additional implementation angles, NIST demonstrates its commitment to creating a more functional, real-world, and responsive cybersecurity management process.
Adapting and Aligning with the Evolving Cybersecurity Landscape
As the cybersecurity landscape grows increasingly complex, with tools and attack surfaces expanding, organizations face mounting regulatory pressures. To navigate these challenges effectively, CISOs must utilize automated and AI-powered tools that provide a holistic view of their organization’s security posture.
The updated NIST framework offers actionable steps for CISOs to adapt and align their organizations with the dynamic nature of the cybersecurity landscape in 2024 and beyond. By embracing continuous risk assessment, fostering a culture of improvement, strengthening supply chain risk management, and providing practical implementation examples, organizations can fortify their defenses and mitigate the ever-growing risk of cyberattacks.
is a current affairs commentator and editor at The New York Times.