In this blog, the first of a two-part series, Pravesh Kara, Content+Cloud’s Security and Compliance Product Director, discusses the evolution of cyber security threats and the importance of considering the National Institute of Standards and Technology (NIST) Cyber Security Framework when building a platform of cyber security solutions.
Why cyber security threats have increased in severity and concern
A recent survey undertaken by Content+Cloud, focusing on small and medium-sized businesses, revealed that cyber security remains one of the greatest challenges for organisations today. You can download your free copy of the survey and get an insight into the priorities and focuses of IT challenges for UK businesses.
As a prime area of focus for investment in the next 12 months, it is crucial that senior leadership teams – and in particular those responsible for IT leadership and development – are aware of the importance of a modern security strategy.
It is no surprise that recent concerns around cyber security have grown in line with the large increase in businesses being compromised by threat actors. There is now a greater pool of better organised threat actors, well-funded through burgeoning ill-gotten gains, creating a perfect storm that is already developing into a hurricane. Organisational defences are likely going to need an upgrade to keep pace with the mounting variety and seriousness of threats they face.
As cyber security has a large surface area, it’s important to know where the typical challenges and focus of investments are when you scratch below the surface. Let’s look at some crucial areas of concern and how best to map out your defences.
Defending against cyber security threats with the NIST cyber security framework
When we conduct cyber security assessments for clients, we summarise our findings in a way that is easily understood by anyone, whether they have technical experience or not. One of the best ways to achieve this is by leveraging NIST’s Cyber Security Framework – more specifically, the five functional areas they have carved out that represent end-to-end security.
Understanding the framework is the first step to considering your own cyber security needs, so it’s worth taking time to become familiar with the areas it covers. The five areas are Identify, Protect, Detect, Respond and Recover.
Historically, organisations have focused on just a few of these areas, gambling that investing in protection and detection will be enough to keep them safe. However, with threats developing in sophistication and threat actors’ tactics evolving, these piecemeal strategies for fighting cyber security threats become less and less assured.
Adam Thompson, Content+Cloud Governance, Risk and Compliance Team Lead, explains:
“Broadly speaking, the trend has been that organisations that have focused on the Protect and Detect aspects believe that they have sufficient resiliency but end up working much harder operationally to close the gaps that catch them by surprise. Those who have focused on the Identify area of the framework have a better overall risk management roadmap, and much improved strategies in prioritising remediation based on aligning to business needs.”
Simon Discombe, our Senior Information Security Consultant, takes this even further:
“Companies that approach security from an Identify category first are much better at proactive security and knowing the security products that will improve their actual security – not just simply their security compliance. On the other hand, clients who engage us in a reactive posture almost always are found to be deficient in the Identify category, but with a multitude of services or products in the Protect and Detect categories that are not enabled to full effect.
“These Protect/Detect products are often acquired to meet a compliance need but ignore the organisation’s real-world risk and business requirements, and the cyber security solutions that would truly make a difference.”
The UK organisations our security experts speak to vary from micro-businesses to enterprise level, meaning our people working at the coalface of organisational security have a varied insight into the state and readiness of businesses’ ability to protect themselves against current and evolving cyber security threats.
Now we’ll examine each of the five NIST cyber security framework areas and see what they entail.
Understanding the NIST cyber security framework
By understanding how the framework fits together to form a coherent and secure security strategy, organisations can be better prepared when threat actors strike. Here is a simple explanation of each focus area.
Identify
Fundamentally, you can’t solve a problem if you don’t know you have one. This area covers all the things organisations need to look at to fully understand their unique problem space. A word of warning: you may find that ‘industry best practice’ – that well-worn phrase – might not be best for your specific needs.
Protect
Once you know what is at stake and what is important to the organisation, you can consider how you want to protect that value by preventing as much harm as is reasonably possible. This area covers the different types of protection that can be applied holistically across people, process and technology.
Detect
Despite putting protection barriers up, an organisation must ultimately expose itself to the world in order to conduct business. This creates an attack surface that is exposed to threats. This area provides coverage on how to detect threats attempting to compromise your valuable technology and data.
Respond
Some threats may be stopped automatically by preventive security measures that you have deployed, whereas others will bypass them. In these events, containing the threats and preventing them from creating any further damage or loss is the aim of the game. Defining the people, process and technologies to respond to a threat is key to enacting this function effectively.
Recover
Arguably, we are up against more ‘unknown unknowns’ – to paraphrase Donald Rumsfeld – in cyber than we are in any other business risk category. As such, there are going to be instances where cyber security threats get through and impact the productivity of your organisation. Being able to get back up and running as swiftly as possible to avoid further loss is key. Having the right provisions in place before they are needed is essential.
What is clear from the NIST cyber security framework, as well as from our own experts, is that investment in protection and detection alone is not enough to count as a modern cyber security solution.
Organisations must employ a holistic security strategy containing elements of each of the five areas, which promotes a culture of proactive measures and security management.
How a managed services provider can provide cyber security solutions that work
Even with the most dedicated IT team, there are times when your internal capacity doesn’t match the need, intensity and fast-paced requirements of your overall IT and security position. That’s where a reliable partner can be invaluable, offering the insight and expertise to know what services and solutions to deploy for maximum effectiveness.
As one of the UK’s leading managed services providers, Content+Cloud offers you a route to optimum cyber security with expert guidance and decades of experience.
Selecting and executing the most appropriate cyber security solutions for your people isn’t simply about throwing money at a problem and hoping the solution presents itself – it’s about understanding the nature of your industry, discovering your current and future needs, and applying that knowledge to leverage the best of modern security tools.
With our combined knowledge and evidenced success at providing effective cyber security for our clients, we can create an effective and sustainable package of cyber security solutions for you, following the structure of the NIST cyber security framework.
Here are just two ways that our experts can help you.
Managed Detection and Response (MDR)
Threat actors don’t pause when your people finish work. Every second of the day or night, 365 days a year, those who present risk to businesses are testing and implementing new ways of succeeding. Accordingly, you need a detection and response system that functions ceaselessly, offering you protection and monitoring at all hours of the day and night.
As Pravesh explains here, Content+Cloud’s MDR provides you with protection for your endpoints against advanced and emerging threats, with 24/7 monitoring and access to our deep cyber expertise.
Though you may be content with traditional protection solutions such as antimalware and consider the detection that they provide to be sufficient, these only detect what is already known as being dangerous.
As the threat landscape evolves at a staggering pace, the need to be prepared for the unknown unknowns has never been more critical. If you don’t have the budget for an enterprise-level tool or full cyber security operations centre, our MDR service can offer the endpoint defence you need. With optional add-ons to enhance your protection, MDR offers a focused approach on key security perimeters.
Managed Cyber Security Operations Centre (Managed CSOC)
For enterprise-level organisations, our Managed CSOC service may be more appropriate to tackle the cyber security threats you face and create a genuinely effective cyber security solutions package. Guaranteeing the same 24/7, 365-day protection as MDR, but extended across multiple data sources, our Managed CSOC offers a broader level of threat protection, fully customisable to your needs.
Our Managed CSOC means that you have expert eyes on your business around the clock, ensuring that suspicious activity is detected and responded to before it becomes a major incident. Staffed by our cyber security teams, a Managed CSOC offers you cost-effective, advanced threat protection fully aligned with regulatory compliance.
Improve your cyber security solutions posture today
Faced with a threat landscape that is evolving at a pace never seen before, and with businesses operating in ways that rely on data sharing, communication and remote access more than ever, the importance of a reliable and proactive defence simply cannot be overstated.
This introduction to the NIST cyber security framework has outlined how, by considering the specific cyber security threats to your organisation, you can arm yourself with the knowledge you need to make long-term, preventative decisions regarding your business safety.
For a more granular look at each of the five areas of the framework, together with a detailed explanation of the services and solutions available to you to improve and optimise your cyber security strategy, have a read of Prav’s second blog.