To put the impact of cybercrime into perspective, let’s examine some important and startling numbers:
Data breach costs increased from $3.86 million to $4.24 million in 2021.
Everyone 39 secondsthere is an attack.
About 90% of health organizations have been victims of at least one infringement in the last three years.
The bottom line? Cyber attacks are frequent and costly, and COVID-19 has only fueled the fire with more employers adopting a remote work structure. reports of identity theft skyrocketed during the pandemic and an overwhelming majority, specifically 90% of businesses, faced an increase in cyberattacks.
In addition to hiring qualified professionals who have a cybersecurity educationbusinesses are turning to proven tools and resources to protect their valuable data and information.
One tool in particular is the NIST Cybersecurity Framework, which is a free resource developed and provided by the US government. Let’s dive.
What is the NIST Cybersecurity Framework?
The National Institute of Standards and Technology (NIST) describes the framework this way:
“The framework is a voluntary guide, based on existing standards, guidelines and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster cybersecurity and risk management communications between internal and external organizational stakeholders.”
It is important to reiterate that this framework is not mandatory, although it is certainly recommended as it is based on well-researched information and best practices. More importantly, it can be “customized by different sectors and individual organizations to best suit their risks, situations and needs.”
Background and development of the NIST framework
Version 1.0 of the framework was released in February 2014 and according to NIST“was developed in response to Presidential Executive Order (EO) 13636, Improved cybersecurity of critical infrastructure.”
The development was a collaborative effort between industry leaders, relevant stakeholders, and private sector experts, and included workshops, community outreach, and solicited feedback. NIST offers a detailed table illustrating the evolution of the frame.
Examples of companies and organizations using the framework
The overall impact of NIST’s cybersecurity framework is far-reaching.
Although NIST explains that the framework’s “primary stakeholders are US private sector owners and operators of critical infrastructure, its user base has grown to include communities and organizations around the world.” The framework is also appropriate for all types and sizes of businesses, including small businesses. East base user includes some of the largest organizations in all industries.
How to start
This may seem like a lot of information, but NIST provides a breakdown of everything you need to know to get started. Here are some important notes:
- The framework is organized into five important functions:
- Get it back
“These five widely understood terms, when considered together, provide a comprehensive lifecycle view for managing cybersecurity over time.”
Consult NIST Quick Start Guide for more information and to see the activities listed in each section.
- Questions? NIST has compiled a list of Frequent questionsincluded:
- What critical infrastructure does the framework address?
- Would the framework have prevented recent highly publicized attacks?
- What is the difference between “using”, “adopting” and “implementing” the framework?
Does the NIST Cybersecurity Framework Really Work?
The short answer is yes! In fact, there is a catalog of success stories which further validates the framework. Businesses, higher education institutions, and other organizations have successfully implemented the NIST cybersecurity framework in their own ways.
How often will the framework be updated?
Cybercrime is constantly evolving, which means the framework will too. NIST explains that the framework will be “refined, enhanced, and evolved over time to keep pace with technology and threat trends, integrate lessons learned, and establish best practices as common practice.”
In the end, it’s important to consult the right resources and employ the right trained professionals to combat cybercrime. If you’re looking to strengthen the front lines of your cybersecurity team, the NIST Cybersecurity Framework is an important tool worth checking out. As we sadly know, cybercriminals do not discriminate when it comes to an attack, which means that every company and organization in every industry is at risk.
Author Bio: Michelle Moore, Ph.D., is academic director and professor of practice at the The innovative online Master of Science in Cyber Security Operations and Leadership program at the University of San Diego. She is also a researcher and author with more than two decades of experience in the private sector and government as a cybersecurity expert.
Publisher’s note: The views expressed in this guest post are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.