U.S. government issues cyber security framework
Technology and the internet have made it easier for business owners to process paperwork and complete work-related tasks, but many of these organizations have yet to implement a secure network.
This concern matters to companies of all sizes, as they typically lose an average of $194 for each record that is lost or stolen, the Ponemon Institute reported last year. On the bright side, American businesses are beginning to develop more thorough cyber security and disaster recovery plans.
Research from BT Security found that 41 percent of IT professionals in the United States consider cyber security to be a major priority. In other countries, that figure is more commonly around 20 to 30 percent. Whether breaches are caused by internal mistakes or external attacks, all of these incidents are considered a cause for concern.
"U.S. businesses should be celebrated for putting cyber security on the front foot," BT Security CEO Mark Hughes told RIS News. "The risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone."
Earlier this month, the Department of Commerce's National Institute of Standards and Technology (NIST) issued a cyber security framework — the 16-part checklist is intended to be a guide for those who have yet to implement such a solution. From the beginning "identify" stages to the "recover" phase, which includes disaster recovery planning, executives are able to challenge how secure their networks are.
"America's economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet," President Barack Obama said in a statement about NIST's framework. "Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property."
InformationWeek editor Wyatt Kash recently wrote that the framework may not meet the expectations of experienced IT professionals, but that is not the intent of this document because "it does bring together for the first time a useful set of federally endorsed practices for private sector security." Now the question is, how can a business owner implement these expectations when there are so many vendors out there?
If your staff is unsure how to address the NIST's provisions, consider reaching out to business continuity consultants. These professionals have been challenged with these types of interruptions before, so they can develop a framework that works for your company.