Reducing Cybersecurity Risks with NIST CSF 2.0

Reducing cybersecurity risks and ensuring recoverability following an attack is critical for organizations today. The NIST CSF 2.0 lays out five functions for cybersecurity risk management.

NIST CSF 2.0

Summary

Created by the National Institute of Standards and Technology (NIST), the Cybersecurity Framework (CSF) is a set of guidelines designed to help organizations reduce cybersecurity risks and bolster their defenses.

image_pdfimage_print

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a set of cybersecurity standards, guidelines, and best practices created to help organizations understand security risks and improve their defenses. While the recommended functions in the framework are relatively straightforward and flexible, coordinated efforts between infrastructure, security, and application stakeholders are required to follow them. By doing so, organizations can reduce cybersecurity risks and ensure recoverability in the event of a successful ransomware attack.

The NIST CSF 2.0 recommends five functions that organizations should adopt to manage and reduce their cybersecurity risks: 

1. Identify: Organizations should identify crucial business processes and assets that are required to keep a business running. This requires documentation of information flows and the identification of potential threats and vulnerabilities that can put assets at risk. 

2. Protect: Appropriate safeguards must be in place to limit or contain the impact of a potential cybersecurity event. This calls for access management, the protection and monitoring of devices, and the use of automated backups to ensure data is recoverable. End-to-end data encryption is another requirement to protect data both at rest and in flight. 

3. Detect: Timely discovery of cybersecurity threats and compromises is essential. This requires the continuous monitoring of networks, systems, and facilities to identify anomalous events. 

4. Respond: Organizations require the ability to contain the impact of a cybersecurity event. This function covers response planning processes that can be executed during and after an incident.

5. Recover: It is critical to maintain and communicate plans for resilience and restoring capabilities and services impaired due to a cybersecurity incident. Plans should cover how assets and operations are restored, as well as storage and backup capabilities to fulfill several of the functions in the NIST CSF. 

Collaboration Is Key

Though backups are unlikely to switch over from IT infrastructure professionals to security teams, some of the NIST CSF 2.0 processes require the oversight of security professionals. For example, within the protect function, regular backups with indelible storage are required to ensure recovery after a cybersecurity event. The protect function also requires security professionals to have access control management to ensure that administrator accounts are monitored and secured with technologies such as multi-factor authentication. By doing this, security teams can prevent bad actors with stolen administrator credentials from erasing backup repositories that would derail recovery efforts. The protect function also requires the use of end-to-end encryption to keep data safe both at rest and in flight.

In recent years, data protection and storage vendors have added in-line ransomware detection capabilities to their platforms to quickly identify cybersecurity threats and suspicious behavior, such as large-scale data deletions or encryptions. Though these capabilities are features within storage systems and software, they also should be leveraged to satisfy the detect function requirements in the NIST CSF.

Written By: