A Weekend in Incident Response #28: How Could NIST Small Businesses Cybersecurity Act Help Improve Cybersecurity for Small Companies?

A recently proposed bill promises to be a great help to small entities as they try to fend off an increasing number of cyber threats that they are seeing in recent years. The NIST Small Businesses Cybersecurity Act of 2017 was recently approved by the US House Committee on Science, Space and Technology, and will soon be headed to the Senate.

The main goal of the legislation is to instruct the National Institute of Standards and Technology (NIST)  to allocate resources to “help small business concerns identify, assess, manage, and reduce their cyber security risks”. This bill addresses the key issues contributing to the increased cyber security risks faced by small businesses. Among other things, it recommends that the NIST security standards“disseminate resources to promote awareness of basic controls and a workplace cyber security culture”, which are some of the leading challenges for small businesses when it comes to tackling cyber threats.

Sharing Information

Sharing information is another important aspect of cyber security that is of great relevance to small businesses and is mentioned in the proposed bill, as well. The NIST security guidelines are designed to help small businesses get the information that they need to improve their cyber defense and resilience to cyber attacks. In this regard, small businesses could use a security automation and orchestration platform, which has the ability to share cyber incident intelligence.

With a platform with cyber threat intelligence sharing capabilities, small businesses can reduce their reaction time following a cyber security event, which is of utmost importance in terms of containing the damage and bringing their computer systems back into operation as soon as possible. Exchanging information on current and past incidents, while also ensuring that you don’t share any confidential and sensitive data in the process, is one of the key steps of the broader and ongoing process of defending against and prevent cyber attacks, and keeping cyber incidents under control.

Identify Cybersecurity Risks

These types of platforms can also help small businesses identify cyber security risks and track, predict and detect breaches, enabling a proactive approach to cyber security, which is the best way to prevent attacks in this age when cyber criminals keep inventing new ways, methods, and technologies to gain access to organizations’ computer systems.

While the NIST Cybersecurity Act aimed at improving their abilities to protect against cyber attacks would certainly be of great help to them, small businesses should not rely solely on the prospect of seeing such a legislation enacted in the future. To be able to get the most out of the NIST security framework, small entities should consider utilizing an automation and orchestration platform as part of their ongoing efforts for improving cyber security for today with the ability to scale as your small business grows.

A Weekend in Incident Response #12: How to Create Cyber Incident Recovery Playbooks in Line with New NIST Guide

When it comes to protecting your organization against cyber incidents, you can never be too careful. The methods and techniques employed by cyber criminals are becoming increasingly sophisticated with each passing day, requiring you to adapt and improve your cyber defense accordingly. One of the most important aspects of any type of protection against cyber attacks is the way you respond to and recover from current and past cybersecurity events. Cyber incident recovery playbooks as an integral part of an organization’s incident response strategy can go a long way toward reducing reaction times and restoring operations as soon as possible following an attack.

In this regard, it can be said that cybersecurity incident response platforms are necessary for every organization that needs to protect information and other assets that could be potential targets of cyber criminals. These types of platforms help businesses and government agencies stave off cyber attacks and recover from data breaches, and their usage is in line with recommendations by the United States National Institute of Standards and Technology (NIST). To make it easier for organizations to recover from various cybersecurity incidents as quickly as possible, the NIST constantly issues new and updated guidelines that represent a good foundation that organizations can rely on while developing their cyber incident response plans. The latest guide introduced by the NIST focuses on what organizations can do to make their recovery procedures and processes more effective and less time-consuming.

Efficient Risk Management

The Guide for Cybersecurity Event Recovery encompasses wide-ranging tips on how to create a best practices plan for making an organization’s system fully operational following a breach. One of the key points addressed in this guide is the fact that recovery is a crucial aspect of the broader risk management efforts within an organization, stressing that there are various solutions for bringing a system back online, but no matter the severity of the breach that brought the system down, every organization needs to be prepared to respond to these events in advance. To do that, organizations are advised to adopt detailed plans and cyber incident recovery playbooks for various types of cybersecurity incidents, so that they can reduce their reaction time and minimize the damage in the event of a data breach.

Playbooks are a central key to the Recovery Processes and Procedures

When it comes to recovery, the NIST guide basically states that every organization needs to focus on the development of recovery processes and procedures that are centered around playbooks, which would allow them to respond to different types of breaches in the most effective way.

Automated playbooks are considered to be a crucial tool for a successful recovery operation. Using a platform providing automated cyber security incident recovery playbooks increases the level of preparedness of your organization to quickly respond to cybersecurity events and recover from data breaches, ransomware, and other incidents. The guide advises recovery teams within each organization to run the plays with table top exercises so that they can be constantly aware of all potential risk scenarios and detect potential gaps in their response plans.

In addition to playbooks, the guide highlights the aspect of documenting current and past cybersecurity incidents as another important factor for improving an organization’s recovery capabilities. To that end, organizations should utilize a platform that includes automated playbooks and has the ability to track digital evidence and analyze the causes of cybersecurity incidents. Followed by an automated creation of extensive and detailed incident reports. A platform of this type is the best solution for a comprehensive cybersecurity incident protection, encompassing identification, detection, response, and recovery.