By Jason Stein, VP of Cybersecurity, Telarus
Hello, friends, and welcome to my first blog of 2023! I look forward to connecting more with you this way and hope that the insights I share in my blogs provide value to your business as you navigate the new frontier of cybersecurity with your customers.
As a cloud, security, and telecommunications leader and trainer who has worked with companies in every industry to help them succeed in this constantly changing space, I am pretty passionate about what’s going on in cybersecurity these days. In my mind (ok, so I’m a little biased), it’s a critical area of tech your customers should invest in to protect their businesses and people.
If there’s anything this past year has taught us in the cybersecurity world, it’s that any company can be targeted by cybercriminals and suffer a security breach. Last fall, the Los Angeles Unified School District – the second largest district in the nation – was the 29th district to suffer ransomware attacks. And remember the 18-year-old behind the September 2022 Uber breach? Regardless of their size, businesses can’t afford to not invest in cybersecurity measures these days.
As a technology advisor, you have a very exciting opportunity to become a valued and trusted business partner for your customers, helping them navigate the complexities of cybersecurity and ensuring they invest in the right resources to keep pace with new, costly threats.
How to build a framework for addressing cybersecurity
The cybersecurity universe is vast: It entails the protection of internet-connected systems such as hardware, software, and data from cyberthreats (of which there are many – I highlight the biggies for 2023 in the next section). As organizations transmit sensitive data across networks and to other devices while doing business, cybersecurity is the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies tasked with safeguarding information relating to national security, health, or financial records must take steps to protect their sensitive business and personnel information.
The NIST (National Institute of Standards and Technology) Cybersecurity Framework is the most popular framework adopted by clients in the U.S. It includes five steps to addressing cybersecurity risks that your customers should be considering in their security plans:
– Identify – Includes assessing cybersecurity risk to systems, people, assets, data, and capabilities. Do your customers understand what their vulnerabilities are? Where are all of their physical and software assets located? Have they put policies and procedures in place?
– Protect – Outlines appropriate safeguards to ensure delivery of critical infrastructure services and the ability to limit the impact of a potential cybersecurity event. Includes staff training, identity management (physical and remote), maintenance activities, and data security (encryption).
– Detect – Defines the activities for timely discovery of a cybersecurity event. Includes the appropriate processes and resources to detect anomalies and ensure continuous monitoring.
– Respond – Includes the activities required to take action and contain a detected cybersecurity incident, such as a communications plan for internal and external stakeholders and a regularly tested incident response plan.
– Recover – Supports timely recovery of impaired services or capabilities back to normal operations to reduce the impact from a cybersecurity incident. Includes recovery planning processes and procedures to restore systems/assets, root cause analysis and implementing improvements, and post-recovery internal and external communications.