Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. The NIST Framework for Improving Critical Infrastructure Cybersecurity, commonly referred to as the NIST Cybersecurity Framework (CSF), provides private sector organizations with a structure for assessing and improving their ability to prevent, detect and respond to cyber incidents. The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) issed in February 2014 Cybersecurity Framework version 1.0 , more widely known as the Cybersecurity Framework. NIST released version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity in April 2018
“Cybersecurity is critical for national and economic security,” said Secretary of Commerce Wilbur Ross. “The voluntary NIST Cybersecurity Framework should be every company’s first line of defense. Adopting version 1.1 is a must do for all CEO’s.” The framework was developed with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base. It has since proven flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state and local governments.
NIST described it as a voluntary “risk-based approach to managing cybersecurity risk” for organizations of all shapes and sizes. The resulting NIST Framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses. The Framework enables organizations, regardless of size, degree of cybersecurity risk, or cybersecurity sophistication to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure.
“The odds of getting struck by lightning are 1 in 960 000, while the odds of dating a millionaire are 1 in 220 people, but the odds of experiencing a data breach are one in four people. And experiencing a cyber breach is not a matter of ‘if’, it’s a matter of ‘when’. “Cyber security threats exploit the increased complexity and connectivity of critical infrastructure systems, placing an organisation at risk. Similar to financial and reputational risk, cyber security risks affect a company’s bottom line, driving up costs and impacting revenue,” Brett Skinner, security sales manager at Micro Focus SA, speaking at the ITWeb Security Summit 2019 in Sandton, in May 2019 pointed out.
Discussing effective breach defence strategies and the advantages of basing an organisation’s enterprise security strategy on a broader framework, Skinner explained that security frameworks provide a common lexicon to consider internally, helping to safeguard the use of critical infrastructure, while limiting the chances of a security breach. The NIST framework consists of standards, guidelines, and best practices to manage cyber security threats, which exploit the increased complexity and connectivity of critical infrastructure systems,” explained Skinner. “A solid cyber security framework helps organisations to validate the controls and processes already in place, and identify which areas require more investing to improve security, technology, people or processes.
In the handful of years since the NIST Cybersecurity Framework (CSF) was developed, it’s been widely modeled in the US and by many other countries and organizations internationally. According to Gartner, more than 50 percent of U.S.-based organizations will use the NIST Cybersecurity Framework as a central component of their enterprise risk management strategy by 2020, up from 30 percent in 2015.
IDST Monthly Access Membership Required
You must be a IDST Monthly Access member to access this content.