This year looks set to be the worst on record for cybersecurity breaches, with 4.1 billion records exposed globally in the first half of 2019 alone.
In Australia, cyber attacks and data breaches are reported to have spiked by almost 700% in the twelve months to February 2019 and, when these occur, the average company takes nearly six months to detect the breach.
The impacts of a cybersecurity breach can be financially crippling for businesses, with major disruption to operations and productivity, as well as reputational damage. The good news is that these threats can be defended against with the appropriate cybersecurity measures in place. In order to achieve this, we implement the best practice NIST Cybersecurity Framework.
What is NIST?
Established in 1901 (as the National Bureau of Standards), the National Institute of Standards and Technology (NIST) is a US Government agency that develops metrics, standards and technology to promote innovation and commercial competitiveness. It is responsible, amongst other things, for developing standards for ‘bullet-proof’ vests saving more than 3,000 US law-enforcement officers from death or disabling injury, and its Internet Time Service sets worldwide computer clocks about 2.6 billion times a day.
NIST’s cybersecurity program implements practical security and privacy measures through standards and best practices, such as the NIST Cybersecurity Framework.
What is the NIST Cybersecurity Framework?
Created through collaboration between industry and government, the NIST Cybersecurity Framework consists of standards, guidelines and best practices to protect critical cyber assets. The Framework is used by US Government agencies and programs requiring stringent cybersecurity compliance, and it is also widely adopted by private organisations because it encompasses best practice security controls.
The Framework provides a common language and systematic methodology for managing cybersecurity risk. It prescribes certain activities to be incorporated in a cybersecurity program that can be customised to meet any organisation’s needs and in a way which compliments their existing cybersecurity and risk management processes. Organisations are able to align their specific requirements and objectives, risk appetite and resources against the desired outcomes of the Framework, with opportunities for improving cybersecurity identified and prioritised.
Why Use the NIST Cybersecurity Framework?
The NIST Cybersecurity Framework enables organisations of all sizes, maturities and industries to better manage and reduce their cybersecurity risk.
It provides an opportunity to identify areas where existing cybersecurity processes can be strengthened, or where new processes can be implemented, to achieve a better overall risk profile. When paired with an implementation plan, organisations are able to achieve cost-effective prioritisation and clearer internal communication of cybersecurity controls and outcomes.
See why the NIST Cybersecurity Framework has been so successful:
As a testament to the efficacy and broad appeal of the NIST Cybersecurity Framework, the Israeli National Cyber Directorate (INCD) adopted the Framework as the basis for the Israeli ‘Cyber Defense Methodology for the Organization’ published in 2017, making the Framework available to be implemented by the whole economy of Israel. The flexibility of the Framework has enabled it to meet various sectoral and market needs, seeing it adopted voluntarily by many organisations in the Israeli market across private enterprise, academia and government.
The NIST Cybersecurity Framework has served as a solid and beneficial basis for developing the Israeli ‘Cyber Defense Methodology for the Organization’. Furthermore, harmonizing our methodology with leading standards creates an international cyber defense language which supports collaboration against global cyber threats.
Igal Unna, Director General, Israel National Cyber Directorate
NIST Cybersecurity Framework and Forsythes Technology
Forsythes Technology has developed the NIST Cybersecurity Rapid Score service using the cybersecurity best practice framework from NIST. This is a brief two-day engagement for us to provide an assessment of your current IT and cybersecurity environment across these areas:
- Data Security
- Identity Management, Authentication & Access Control
- Protective Technology
- Risk Assessment
- Detection Processes
- Awareness & Training
- Recovery Planning
- Response Planning
What you will receive from us
Cybersecurity Rapid Score & Report including your risk score and detail of your risk profile and vulnerability to attack, classified into one of the following categories. Our security experts will also provide you with a prioritised list of steps to achieve a reduced risk profile in line with your industry, and a summary of the potential impact of a breach to your organisation.
- Extreme Risk
- High Risk
- Medium Risk
- Low Risk
- Best Practice (Very Low Risk)
Forsythes Technology also offers an exhaustive NIST Audit along with optional security hardening if you would like to achieve best practice alignment to the NIST framework. This can be quoted based on an analysis of your environment.