Cyber resiliency is all hands on deck
Among the prominent signs that ransomware isn’t abating and shouldn’t be taken lightly, the U.S. National Institute of Standards and Technology (NIST) recently updated “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach” with a focus on cyber resiliency engineering. This emerging specialty systems engineering discipline, applied in conjunction with systems security engineering, develops survivable, trustworthy secure systems.
Cyber resiliency engineering is geared toward architecting, designing, developing, implementing, maintaining, and sustaining the trustworthiness of systems so that they can anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises that use or are enabled by cyber resources. From a risk management perspective, cyber resiliency is intended to help reduce the mission, business, organizational, enterprise, or sector risk of depending on cyber resources.
This can be a relief to organizations since the talent shortage is impacting collaboration between IT and security teams. In a recent report, 77% of IT decision-makers and 78% of SecOps professionals agreed it’s having an impact. According to the same report, this lack of coordination between IT and SecOps is leading respondents to believe their organization is more exposed to cyber threats. All respondents particularly fear:
One part of the NIST cybersecurity resilience framework approach is a set of guidelines, standards, and best practices designed to help organizations manage and reduce cybersecurity risks. The framework provides a common language and a systematic approach to managing cybersecurity risks across different sectors and industries. It’s based on the core functions of identify, protect, detect, respond, and recover. These functions help organizations understand their cybersecurity risks, protect their assets, detect and respond to cybersecurity incidents, and recover from them in a timely manner.
At the highest level, a robust cyber resilience framework encompasses two key concepts: withstanding an attack and recovering from an attack.
Modern thinking: Center your security strategy on data
In Formula 1 racing, the car is the focus. How do you maximize its speed? How do you optimize its performance? How do you do it all safely? In business and government, data is the Formula 1 car. It’s driving digital business and government. But data is not at the forefront of many security and management strategies. There’s too much focus on infrastructure and systems, particularly across clouds.
The mission of the Data Security Alliance is centered on data, specifically to unify data management and data security behind cyber resiliency. The vision is to deliver industry-changing technical integrations and architectures as well as robust data and security collaboration, best practices, and thought leadership around data.
This vision differs from, but is complementary to, that of the Cloud Security Alliance (CSA), which is dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. Organizations are struggling with securing and tracking sensitive data in the cloud. Only 4% believe all their cloud data is sufficiently secured, over a quarter of organizations aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data, according to the State of Cloud Data Security research report by the CSA.
The Data Security Alliance integrations and best practices will help organizations weave a cohesive set of processes and controls together to minimize the impact of cyber incidents. They will also increase organizational confidence in data stored everywhere, across public, private, and hybrid computing environments.
“Cyber resiliency starts with getting the basics right, especially around your data. It’s essential to understand where your sensitive data lives, what it is, who has access to it, and the risks associated. As a Security community, we need to place data at the center of our security strategy.” – Tyler Young, BigID CISO
With data at the center of your cybersecurity strategy, your organization can positively:
You can achieve these benefits by proactively staying ahead of threats throughout the distinct phases of the ransomware journey: