Responding to new cybersecurity attacks and breaches
The National Institute of Standards and Technology (NIST) passed the NIST Small Business Cybersecurity Act in 2018. What the act means for small businesses is that NIST is required to provide support to small and medium-sized companies in their efforts to prevent cybersecurity breaches and attacks.
NIST 800-171 / DFARS
Nowadays, all kinds of companies are expanding their horizons and pushing their boundaries beyond what can be done in a physical office space. Even before the COVID-19 pandemic and its effects on businesses across the world, mobility and flexibility have been strategic priorities. Now, our new normal has made most businesses at least partially remote.
“Do not trust anyone!” is the catchphrase that best describes zero trust, a security concept encouraging organizations to automatically distrust all network activity. As this security concept gains traction, many security providers are flooding the market with solutions. In this article, we will unpack the top technologies for a zero trust cybersecurity architecture.
NERC vs. NIST: Choosing the Right Infrastructure Cybersecurity Framework
Cybersecurity implementation can be a long and complicated process if your organization hasn’t been built with security as a part of its design. This is why different committees, interest groups, governments, and cybersecurity professionals come together to develop robust cybersecurity frameworks and regulations.
Depending on the industry that your organization is part of, these frameworks and regulations may be known to you as CIS CSC, NIST, ENISA, ISO 27001, etc. With so many frameworks, it is hard to know which is best suited to your organization’s needs. Although all frameworks have their merit, some pertain to either specific industries or requirements.
There’s been a paradigm shift over the past decade and a half in the world of cybersecurity. Whereas older models and systems prioritized perimeter defense, the definition of “perimeter” itself has changed over time. Today, businesses are increasingly mobile and remote, utilizing cloud servers to extend the workforce far outside the office or headquarters.
These changes are all the more necessary in our current environment of pandemic response. Our mandated practices of social distancing and work from home (WFH) have created an environment in which every company is rethinking its perimeters in real time. These challenging times call for new practices, and the zero trust framework is the future of cybersecurity.
Cloud technology has revolutionized the way businesses operate all across the world. Cloud servers enable any company to leverage others’ computing capabilities to mobilize their own workforces, enabling greater flexibility in all business operations. Whether it’s enabling the storage of sensitive data or work from home, the cloud is key to all businesses’ future.
Many current cybersecurity plans and models follow an older set of priorities that hinge upon the importance of strong perimeter defense. To use a physical analogy, many cybersecurity architectures focus on building up the walls and moats protecting the very outside of your castle from attack. But inherent in these schemes is an implicit trust of everyone already inside.
Department of Defense contractors and subcontractors face a big change in cybersecurity governance regulations. Current cybersecurity standards (NIST 800-171) are being updated into a new framework called CMMC.
Attentiveness and thoroughness can spell the difference between booming and bankruptcy in today’s ever-changing digital business landscape. With global e-retail sales projected to hit 47 percent this year, the need to have an optimization strategy, clear customer experience, and a practical plan for operational execution becomes more apparent to stay competitive.
Over the last two decades, the role of IT departments has undergone dramatic change due to the growing percentage of Americans who rely upon their tablets, smartphones, or similar mobile devices to accomplish their daily work activities. As is so often the case, this progress has been a boon in some ways and a mounting problem in others, especially for IT; on one hand, the Internet of Things [IoT] has made it so employees are more efficient, on the other, it has opened up a new Pandora’s box of potential cybersecurity threats.
Security controls rarely keep pace with the security risks posed by new tech. And in the case of mobile, security threats arise from both bring your own device [BYOD] policies and corporately owned and personally enabled [COPE] mobile policies. In response to this looming threat, the National Institute of Standards and Technology [NIST] released its “Guidance on Mobile Security Report,” which we’ll outline below. Armed with these security recommendations, your business can ensure that your mobile security practices are up to date and robust.