Achieving cyber resilience with the NIST cybersecurity framework
There are several cybersecurity frameworks available, all of which aim to improve resilience. The NIST Cybersecurity Framework is the most widely adopted, offering guidance and best practices for private sector organizations to enhance their information security and cybersecurity risk management. The framework is structured around five core functions: identify, protect, detect, respond, and recover. These functions guide the decision-making process of security experts and decision-makers as they select and integrate technology to safeguard and defend their enterprises.
Modeen Malick, Principal Systems Engineer at Commvault
However, to achieve cyber resilience in the modern era of data, chief information security officers (CISOs) are defined by two personas – the first being the security architecture and engineering persona, which is all about developing, implementing, and enforcing security policies to protect critical data.
The other, emerging persona is centred on risk, governance and compliance and is becoming more important than ever as recent European legislation, such as the Digital Operational Resilience Act (DORA), requires that CISOs pivot slightly towards regulations.
Legislation such as DORA requires that organisations not only have a robust plan for recovery in place but also the ability to test and practice this recovery to prove that they are ready for a potential breach.
Evolving priorities
With this in mind, CISOs have several evolving priorities to focus on, which map neatly into the pillars of the NIST Cybersecurity Framework.
Track known risks and “Know Thy Assets”: Because data is the new oil, organisations must know exactly what their assets are by having a clear list of critical applications.
Address the “Data Custodian” paradox: This requires working with system owners and owners of data within different lines of business and ensuring that they put the right governance in place.
Drive security awareness: Driving security awareness across all layers of an organisation is paramount as humans are often the weakest link in an IT security strategy. It is important to educate people to understand, identify and avoid cyber threats.
Map out survival time objective: This is a key priority as it determines how much time the IT department requires to recover critical data after a disaster. This represents how long the enterprise can survive without IT services and infrastructure.
Prepare for upcoming challenges: CISOs must be prepared for how Artificial Intelligence (AI) and generative AI will affect their approach to security. Threats such as Adversarial Neural Networks that can result in data poisoning are a reality.
Taking action: Additionally, from a cyber resilience perspective in the modern era of data, CISOs should be paying attention to action in three pillars, namely application stack resilience, infrastructure resilience and data resilience.
Over the past three or four decades, most organisations have been investing in infrastructure resilience, for example, firewalls, intrusion detection systems or network detection tools.
However, a greater focus now needs to be placed on application stack resilience and data resilience.
Cyber resilience can effectively be achieved by adopting a platform that can meet the complexity and needs of the modern enterprise.
Cyber resilience platform needs
This platform must ensure operational recovery through comprehensive data protection support with built-in privacy controls to control access to data from immutable backup targets.
It must also deliver Disaster Recovery (DR)with auto-recovery capabilities that deliver efficient data replication, one-click failover orchestration and recovery readiness validation.
Lastly, it should enable simple, secure and rapid cyber recovery, as well as a continuous capability to test this recovery and ultimately cleanroom recovery to conduct forensic analysis.
Cyber resilience is a comprehensive approach to cybersecurity, emphasising the ability, preparedness, and adaptability to effectively navigate and recover from cyber threats and incidents.
Considering the frequency and sophistication of today’s cyber threats, cyber resilience should be a top priority for all organisations.