The 2017 Equifax data breach is expected to break all previous records for data breach costs, with Larry Ponemon, chairman of the Ponemon Institute, estimating the final cost to be more than $600 million.
Even non-enterprise-level organizations suffer severe consequences for data breaches. According to the National Cyber Security Alliance, mid-market companies pay more than $1 million in post-attack mitigation, and the average cost of a data breach to an SMB is $117,000 per incident. While estimates vary, approximately 60% of businesses who suffer a breach are forced to shut down business within 6 months.
It is more important than ever that businesses of every size prepare for the likelihood of an attack. The best place to start in strengthening your business’ security posture is with a cybersecurity framework.
The Biggest Threat? Those Pesky People
More than 75% of data breaches are attributed to people, either through negligence (28%) or malicious intent (47%), according to the 2017 Cost of Data Breach Study by the Ponemon Institute.
This should come as no surprise to IT leadership, who continue to list cybersecurity as a top strategic initiative and recognize the human threat – from negligent users, malicious insiders, and outside attackers – in report after report.
What Is A Security Posture?
Let’s start with an official definition.
According to the NIST Special Publication 800-30, a security posture is “the security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and react as the situation changes.”
In essence, a business’ security posture refers to the plan, strategy, methodologies, and technology tools in place to both deter and respond to cybersecurity threats.
Every organization has a security posture, but not every organization has a good security posture. Building a strong, hardened security posture begins with a secure foundation. To do this, businesses must invest in cybersecurity analysts with deep knowledge of how a cybersecurity framework fits into the evolving security landscape.
Using A Cybersecurity Framework To Build A Secure Foundation
The Center for Internet Security (CIS), with the CIS Critical Security Controls, and the National Institute of Standards and Technology (NIST), with the NIST Cybersecurity Framework, publish the two most commonly adopted cybersecurity frameworks businesses choose to use, outside of industry-specific regulations (e.g. PCI DSS).
Unfortunately, many organizations do not use any cybersecurity framework to assist in the development and deployment of a security strategy. A cybersecurity framework offers recommendations for cyber defense that give guidance in defending against and responding to the most pervasive cyber attacks.
Cybersecurity frameworks provide a first-step to-do list for businesses just beginning their information security journey. These standards, guidelines, and practices provide a foundation for organizations to manage their cybersecurity-related risk.
Deploying A Cybersecurity Framework Is Only Step One
Once a company has adopted a cybersecurity framework as part of its posture, it may still struggle to account for all layers of that posture. Cybersecurity is complex, which is why businesses turn to security partners with expertise in these frameworks and in the needs of the business.
Certified cybersecurity experts are hard to come by, though. In fact, the cybersecurity unemployment rate rests at 0% with the demand expected to reach 6 million in 2019. This is precisely why organizations work with partners that employ information security experts who then share their experience and knowledge with clients.
Register today for a one-on-one whiteboard session with the cybersecurity expert team at Mindsight. Find out how our team has helped hundreds of businesses harden their security posture through the use of a cybersecurity framework and increased visibility into informational operations.
Like what you read?
Contact us today to discuss how using a cybersecurity framework can help harden your security posture.
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
About The Authors
Mishaal Khan has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.
Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She previously taught STEM programs in elementary classrooms and museums, and writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s writing fantasy, gardening, and exploring the world with her twin two-year old daughters. Find her on twitter @techtalksio.