Cyber Protection: A Complex Process, Not A One-Time Solution

Cyber Protection_ A Complex Process, Not A One-Time Solution

Modern effective cyber protection means an adaptation of 5 basic elements that would be improved simultaneously with the evolution of digital threats.

The so-called digitalization – social networks, mobile technologies, analytical and cloud technologies for creating, processing and storing data – transforms not only the reality surrounding us but also ideas about how we learn, work and spend our free time.

“Digital transformation is not just a technological trend but the core of the corporate strategy of any enterprise, regardless of business or market,” commented the international research corporation.

Developing Internet of everything (IoE) connecting everyone, everything, anywhere and anytime, requires a fundamentally different, holistic approach to ensure the safety of users, devices, and processes from intentional or unintentional damage due to incidents related to information security. A holistic approach includes all the major aspects of cybersecurity – not just users, products and processes – but also the five key components necessary to ensure continuous and maximum protection: Recognition, Protection, Detection, Response, and Recovery.

5 key components of cyber protection

cyber protection

These five key components, which were developed by the National Institute of Standards and Technology (NIST) under the US Department of Commerce, are divided into 22 categories and 98 subcategories and underlie the universal model for building an effective cyber defense system.

Recognition

Development and implementation of effective risk management mechanisms necessary for virus-dependent incidents directed against corporate organizations, assets, data, and know-how. Within the framework of the company’s asset, the politician manages the business environment, corporate governance, risk assessment standards and management strategies.

Protection

The development and implementation of effective protection mechanisms that ensure the stable operation of critical infrastructure in order to minimize or completely eliminate damage from potential incidents involving cyber threats.

Detection

Development and application of appropriate mechanisms for the timely detection of cyber attacks.

Response

Development and implementation of instant response mechanisms for the detection of cyber attacks to maximize the possible reduction of damage to the enterprise and its assets.

Recovery

Development and implementation of the necessary mechanisms for the early introduction into the operation of all elements of the corporate infrastructure that were disabled as a result of the virus-dependent incident.

According to Gartner, the universal system of effective cyber protection, developed by the National Institute of Standards and Technology (NIST), employs only 30% of corporate organizations in the US, but by 2020 their number should grow to 50%. According to the survey, the key factors in choosing this system are:

  • compliance with the latest standards in cybersecurity (70%);
  • compliance with the requirements of business partners (29%);
  • compliance with the requirements for organizations, serving subjects of state contracts (28%).

Despite the proven high efficiency, the widespread adaptation of this system is primarily complicated by high initial cost. The majority of organizations (70%) consider the complex system of cyber defense offered by the Institute the most effective for today, however, about 50% of them indicate its high price as the main obstacle to its installation. While 84% of organizations use other, often less effective, analogs to protect their critical infrastructures, 64% use the NIST system only partially, primarily because of the price, and 83% organizations are inclined to introduce some modules of the integrated cybersecurity model (CSF – CyberSecurity Framework).

A more joyful picture is described by Intel, which was actively involved in the project of the integrated model of cyber defense (CSF) of the National Institute of Standards and Technologies in February 2013 until the release of the finished solution in February 2014.

Intel’s main conclusions:

  1. The CSF model encourages constructive discussion within organizations about compliance with requirements for cybersecurity, the degree of tolerance for risks, management effectiveness and other areas of risk management for virus-dependent incidents;
  2. The correspondence of the effective cyber defense model to modern standards and the requirements imposed by the information security industry for such solutions make it an ideal and easily scalable model in accordance with the scope of activities and the real needs of the particular organization.

Cyber protection is a constant process

New cyber attacks appear every day. For their successful conduct, cybercriminals invent more sophisticated schemes and scenarios and hope that this problem will bypass the enterprise by side means to underestimate the degree of risk with all the ensuing consequences.

Moreover, cybercriminals only have one-time luck to achieve a mercenary goal. To protect against these threats and meet the requirements of the industry and the market, one must be one step ahead of all.

However, this does not mean that the situation is hopeless. Effective cyber defense is a reality that exists and is accessible to every organization that will decide to adapt all components of a single integrated system. To make this decision easier, it’s enough to take a different look at the concept of online protection in general and try to realize that you are not only responsible for yourself, your data, infrastructure, assets, but for partners and, ultimately, your image.

In the next article, we will talk in more detail about cyber threats and internal and external factors that can damage an enterprise.