Like seatbelts, cybersecurity frameworks work best when you use them. Dozens of cybersecurity frameworks (CSFs) and models have been released over the years with the aim of assisting businesses in lowering the risks associated with cyberattacks.
With so many CSFs to pick from, deciding which ones to consider is difficult. The quick answer is that it makes no difference; just make sure you use one. While no CSF is superior to any other, it is important to identify where they overlap and where they differ in order to make an optimal choice.
Seven of the leading CSFs
CIS (Centre for Internet Security): This is a non-profit organisation whose members work together to develop and identify efficient security methods. Its defence-in-depth strategy employs 18 CIS controls that are prioritised and created to guard against a.
CMMC (Cyber Security Maturity Model Certification): The US Department of Defence created the CMMC framework as a template for contractors in the Defence Industrial. It divides its controls into three categories: Foundation, Advanced, and Expert, and maps them to the NIST framework (below).
COBIT (Control Objectives for Information and Related IT): ISACA, an international organisation with an emphasis on IT governance, developed the well-known COBIT framework, which is widely utilised in Europe and is suitable for large to medium-sized enterprises.
Essential Eight: The Australian Cyber Security Centre created this cybersecurity framework, and it consists of eight important elements created to help enterprises to defend themselves against different types of cyberattacks. This framework places a strong emphasis on safeguarding internet-connected networks running Microsoft Windows.
ISO 27001 (International Standards Organization): This is an international standard for managing information security. Organisations receive certification after a successful audit. The ISO controls are extensive: 144 controls in 14 groups and 35 control categories.
NIST: The National Institute of Standards and Technology published the NIST cybersecurity framework in 2014 with input from private-sector and government experts.
Zero Trust: Technically speaking, this is not a CSF, but a model that constantly verifies authenticity. Its basic tenet is “never trust, always verify”. The guiding concepts of the Zero Trust paradigm are that verification has to be explicit, that access should be least-privilege, and that a system should be assumed to be compromised.
Under constant threat
Almost continuous supply chain attacks, AI-based spear phishing, and hybrid work practices are behind a global cyber-threat landscape that remains dangerous and severe. Attack strategies by bad actors are changing practically every minute, and cybercrime-as-a-service is becoming the norm.
More than 85% of attacks still originate at the human-machine interface, making it the main access point. This is because even with companies employing a wide range of security processes and technologies, social engineering and other emotional manipulation methods are the most effective ways to target employees.
Cyberattacks are rising daily, and organisations have to defend against them because they pose a threat to normal company operations. Private-sector businesses across industries have voluntarily implemented some of the many cybersecurity frameworks, such as NIST and MITRE ATT&CK, singly or in concert.
These were created to provide best practices to empower security teams to better manage and decrease cybersecurity risks, and to battle the constantly growing attack surface.
Proactive, not just reactive
Organisations must not rely only on reactive measures to protect against the unprecedented rise in variety and direction of the threat landscape. Instead, they must go beyond cybersecurity frameworks to precisely identify, quantify, and manage key risks.
Companies must no longer only rely on a reactive detect-and-respond approach to protect their critical assets from pressing threats.
Maintaining compliance with security frameworks does not guarantee system security for organisations. Firms must also assume responsibility for identifying their own specific security vulnerabilities and attack paths.
The moment has come to put security posture strengthening measures into action that go beyond merely satisfying compliance with regulations and baseline security standards.
Elements of the NIST cybersecurity framework
The Identify function creates the base for further cybersecurity-related actions your firm will take. The success of the framework depends on knowing what is out there, what risks are associated with those settings, and how they relate to your business strategy.
Going deeper into the framework, PR.DS (Data Security, a category of the Protect function) comprises seven sub-categories, each of which is meant to assure the safety of data. These include measures for securing data while it is at rest (PR.DS-1), securing data while it is in motion (PR.DS-2), and so forth. For example, the organisation might require encryption of data at rest to comply with PR.DS-1.
The establishment and execution of the necessary processes to identify the presence of a cybersecurity event are required by the Detect function. It makes it possible to quickly identify cybersecurity incidents.
The Respond function is responsible for operations related to planning, analysing, and mitigating responses in order to ensure that the cybersecurity programme is always improving.
To lessen the impact of a cybersecurity incident, the Recover function permits a quick return to routine activity. Examples of outcomes from this core Framework function include communications, recovery planning, and improvements.
Datto and cyber resilience
The ability of a business to anticipate, withstand, and recover from a cyberattack is known as cyber resilience. This includes cyber security, business continuity, and incident response, and is based on the ability to successfully identify, protect, detect, respond, and recover fast from any cyber incident.
“MSPs are at the heart of an asymmetrical battle, meaning the threat actor has numerous ways to attack that [Datto] partner, and partners are critical because they hold the keys to the kingdom; they’re the single point to multiple businesses so attacking a partner is really a juicy target for a bad actor,” says Chris McKie, VP of security solutions product marketing at Datto.
“They can attack them [a partner] or their customers by any number of means: email, network, endpoint, cloud. They have the advantage that they just need to find one vulnerability, they need to find one person to click on one link to deliver the malicious payload.”
“On the flip side, the partner is at an unequalled disadvantage because they have to cover and protect everything. This asymmetrical battle puts threat actors at a huge advantage while putting the MSP at a tremendous disadvantage,” says McKie.
“To address this we, the [cyber security] industry have come up with these CSFs. That’s the genesis of why there are frameworks in the first place. To help everybody to evaluate their entire security stack from a holistic, comprehensive point of view to address the asymmetrical battle. If you’re not using a framework, it’s like going into a battle without a plan. You’re probably going to lose, and lose badly.”
The whole point of a framework, says McKie, is that “it gives you that strategy, that roadmap and tools that strengthen not only the MSP’s position, but also that of their customers. If you don’t have a solid recovery solution in place, BCDR for example, and you suffer a breach by a ransomware attack and your systems go down, you’re out of business for some time.”
“The average breach costs around $8k per hour between the point of attack to the time of remediation. That’s serious money lost and, possibly, reputational damage! Something like 60% of small businesses that get hit go out of business,” says McKie.
“Because of this, you need tools that provide comprehensive, defence-in-depth abilities to identify, protect, detect, respond and recover against a myriad of threats. You can’t protect what you can’t see. This makes Datto RMM a must-have weapon in your cybersecurity arsenal.”
Datto RMM is a robust platform for remote monitoring and management. To reduce costs and enhance service delivery, managed service providers (MSPs) can use Datto RMM to remotely secure, monitor, and control endpoints.
The only channel RMM to be reviewed so far, Datto RMM is in the top 20% of all businesses that are going through their Building Security in Maturity Model (BSIMM) evaluation.
Datto RMM was developed with a strict emphasis on security. The company makes it simple for its customers to concentrate on service delivery, as there is no hardware to maintain and it boasts 99.99% availability. It is dedicated to improving client endpoint security for MSPs and platform security.