A million-dollar question that organisations frequently ask is whether they can be spared from cyber-attacks. The answer is invariably ‘No’. This is because cyber-attacks evolve every day, while the approach to fighting them is often reactive rather than pre-emptive. One cannot blame organisations for their concern, considering that in 2019 alone the scale of data theft was staggering: over 4.1 billion records were exposed in the first half of 2019 alone, according to Risk Based Security. Cybersecurity keeps IT teams on edge, always on the lookout for ransomware in order to stop it from propagating. Cyber-attacks can range from identity theft and financial fraud to political hacktivism. Cyber-attacks on an organisation can come from different threat agents:
- Insider Threats: these are threats that are usually initiated by employees, ranging from mere negligence or unintentional misuse to actual intentional abuse. This is one of the biggest causes of breaches.
- Outsider Threats: these can be wider and can be categorised as:
  - Financial Attacks – which occur through hackers and other individuals who sanction hacking attacks for others, an example of which is distributed denial of service (DDoS).
  - Industrial Spies – who monitor their competitors with the aim of learning about the technologies involved, production information and plant architectural systems. This category of spying is also common among government agencies that want to exploit safety hazards, industrial secrets and other confidential information on other governments.
  - Political Hacktivism – hacking individual accounts to spread propaganda on political ideals and issues, which can be malicious and undermines the security of the internet.
Cybersecurity frameworks are designed and built specifically to preserve the confidentiality, integrity and availability of information in cyberspace. Cybersecurity frameworks help in enriching the IT security of an organisation and contribute to risk management in many ways – most of all because they upgrade the existing security protocols by building new layers of security and complying with laws, regulations and standards.
There are five processes that define a cybersecurity framework, as established by the US National Institute of Standards and Technology (NIST) – Identify, Protect, Detect, Respond and Recover. Any cybersecurity program will work on these five pillars. These five processes act as the backbone of the cybersecurity core, with all other secondary elements organised around them.
- Identify – This process helps in developing the understanding needed to manage cybersecurity, people, assets, data and capabilities. It identifies asset vulnerabilities and risk management strategies.
- Protect – The process of outlining the appropriate safeguards to the corporate access control systems, data security and maintenance.
- Detect – Identifies potential breaches by detecting intrusion in a timely manner and enables continuous monitoring.
- Respond – The process of detecting the breach and supporting the ability to contain the impact of a cybersecurity incident to minimise damage.
- Recover – Having the appropriate back-up plans to restore any capabilities or services which have suffered during the cybersecurity incident. This is achieved by ensuring recovery in a timely manner and implementing improvements that are based on the lessons learned and communicating the same with both internal and external stakeholders.
There exist a number of cybersecurity frameworks; however, the most frequently used are those of the International Standards Organisation (ISO): ISO/IEC 27001, ‘Information technology – Security techniques – Information security management systems – Requirements’ (ISMS), which is accepted as a global standard for the effective management of information assets. ISO/IEC 27032 on cybersecurity and cyber-attack mitigation is an extension to ISO/IEC 27001 and ISO/IEC 27005 on information security risk management.
Once the organisation has identified its structure and designed a system, the next step is conducting a risk assessment, which will identify, prioritise and analyse threats and vulnerabilities. The results of the risk assessment should outline the hazards and risks identified that can expose the organisation to serious cybersecurity breaches. The organisation is to pre-empt such breaches by establishing appropriate cybersecurity measures and controls to mitigate vulnerabilities.
Cybersecurity frameworks provide organisations with templates to guide them towards the right processes and procedures. An organisation may wish to use multiple frameworks to meet its specific requirements. These framework controls are not to remain static: updates and changes should mirror any new technology adopted by the organisation or any change in the provision of service.