An invaluable roadmap for InfoSec management
Cybercrime does not differentiate between large, small, private, or public companies. Whether they are dispensaries, growers, labs or banks, all cannabis businesses need to determine their risk acceptance, as they are perceived as an easy target. Many use the National Institute of Standards and Technology (NIST) CSF requirements to manage security risks and vulnerabilities affecting the confidentiality, integrity, and availability of their information and technology assets.
The meteoric rise of cybercrime has caught many organizations unawares. Malware has spread from PCs to smartphones, phishing scams have grown more sophisticated, and ransomware is running rampant.
You can hire hackers and botnets, or buy cybercrime software, complete with technical support, all too easily. The rapidly expanding Internet of Things is woefully insecure, creating many more access points that can be exploited by hackers.
In the face of this growing threat, we need to find practical strategies that can be employed to mitigate risk and protect our data. One such strategy can be found in a National Institute of Standards and Technology (NIST) document called the Cybersecurity Framework.
The product of extensive collaboration in the security industry, this document is a constantly evolving framework designed to help organizations strengthen their defenses, benefiting the entire community from state governments to banks to retail chains and beyond. It’s a comprehensive, flexible guide that presents important principles to help you build the necessary culture to stay ahead in the race against cybercriminals.
“The NIST Cybersecurity Framework should be the cornerstone of your cybersecurity strategy,” says George Wrenn, CEO of CyberSaint Security. “It’s time to run cybersecurity as a business function with clear goals and measures based on a national framework. You want the ability to communicate your posture to all your constituents.”
Establishing common standards
Because everything is interconnected, the framework’s architects recognized the need for a collaborative, holistic, and inclusive approach. The framework provides a common, accessible set of reference points for everyone from InfoSec professionals to executives across industries, helping to strengthen their cybersecurity strategies, not just individually, but also collectively.
NIST’s framework ensures that everyone is speaking the same language, making it easier to share and discuss tactics, and to plan, deploy, and improve cybersecurity strategies.
Whether you’re establishing a cybersecurity program, or you simply want to strengthen what you already have in place, NIST’s framework can help. By following it, organizations can get a clear view of the current state of their cybersecurity, establish targets, identify potential improvements, assess progress accurately, and communicate about cybersecurity risks both internally and externally.
Adoption reached 30% within two years, according to Gartner, and that’s expected to rise to 50% by 2020. Broad adoption furthers everyone’s understanding and fosters the creation of automated tools and processes to help companies quickly and effectively prove due diligence and compliance through their cybersecurity strategy.
Measuring your evolution
Just as cybercriminals evolve and develop new tactics to uncover fresh vectors of attack, our cybersecurity defenses should be agile and constantly improving. The framework is a risk-based approach that’s broken down into three parts. The depth of detail contained within is beyond the scope of this article, but here’s a brief overview:
The Framework Core focuses on five functions: Identify, Protect, Detect, Respond, and Recover. They can be adapted for any organization or situation. They’re not intended as a path to follow, but rather as a concurrent and continuous set of functions that can deliver a big picture view of the health of your cybersecurity strategy.
The Framework Implementation Tiers help organizations to characterize their practices. There are four tiers and selection requires careful consideration of risk management tactics, likely threats, legal and regulatory requirements, organizational constraints, and, of course, business goals. The idea is to help organizations to progress from informal, reactive responses to threats, and help them become agile and risk-informed.
The Framework Profile empowers organizations to identify opportunities for improvement by revealing the gaps between their current strategy and their target state. It can be configured to encompass security goals and priorities, tempered with business needs and cost-effectiveness.
Ultimately, the framework is flexible enough to cater for any industry, providing an effective way to establish a baseline, set goals for improvement, and continuously assess progress.
But there’s also recognition that the goalposts are constantly moving. Rather than setting a course for an endpoint, we need to continually ask the right questions and define strategies that adapt to meet perpetually changing threats. By being proactive in our risk management, we can stay one step ahead of the cybercriminals.
Michelle Drolet is founder of Towerwall, a woman-owned cybersecurity and cannabis compliance services provider in Framingham, Mass., with clients such as CannaCare, Smith & Wesson, Covenant Healthcare and many mid-size organizations. She can be reached at [email protected].