Cyberattacks are on the rise with more and more organizations experiencing attacks against their infrastructure. The number of cyber incidents has been increasing even faster in the last five years than before. In 2021 alone there were on average 270 attacks per company, an increase of 31% compared to 2020. As a result, cybersecurity has never been more important in business continuity to organizations of all sizes in every industry sector.
With attacks multiplying rapidly and becoming more sophisticated, relying on standalone solutions cannot provide adequate protection. Cybersecurity requires a holistic approach built on the company’s existing processes and future needs. At this point, a structured approach can help to identify the most important elements of cybersecurity in general, not depending on a specific solution.
The National Institute of Standards and Technology (NIST) introduced the Cybersecurity Framework recognizing the need for a comprehensive guidance for organizations to better manage and reduce cybersecurity risk. It is intended for any and all organizations regardless of sector or size. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.
‘Instead of talking about specific solutions, we are leveraging structured approach based on Cybersecurity Framework to identify areas to strengthen. Our team can identify the company's current stage within their cybersecurity journey using the NIST Framework, determine the gaps then create measurable goals resulting in a sound and tailor-made cybersecurity strategy’ explains Nikolay Dinev, Services Lead of Softline Eastern Europe.
The Framework provides a structural approach towards cybersecurity and can show where the company is at the moment and what are the next steps to take. That’s the reason Softline incorporates it into their services when mapping and determining the current situation as well as the next steps. The structure, on which the framework was built, can uncover a lot of gaps in a company’s cybersecurity that otherwise remain hidden. It efficiently supports the overall cybersecurity journey from assessing to planning and implementing with measurable results. Moreover, the Framework is providing security controls and linkage to specific compliance frameworks like ISO 2700.
The Cybersecurity Framework includes five functions that were established as a full journey of cybersecurity:
Identify: this function assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities
Protect: to outline appropriate safeguards to ensure delivery of critical infrastructure services
Detect: the function defines the appropriate activities to identify the occurrence of a cybersecurity event
Respond: includes appropriate activities to take action regarding a detected cybersecurity incident
Recover: identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident
‘Every type of company can benefit from the framework regardless of their cybersecurity preparedness. When you have a dedicated cybersecurity team and already implemented best practices, the framework can still uncover gaps. On the other hand, if your company wants to find the right starting point, then the framework can help defining a roadmap for you’, Nikolay Dinev explains the Framework’s versatileness.
Delivering benefits with proven solutions
‘We understand organizations don’t have the time for six-month long assessments in the current economic climate. In less than a month they can receive an assessment from us. After that we present a roadmap covering the field of Identity and Access Management, Threat Protection, Cloud Security and Information Protection and Governance. In these areas we have predefined scope and outstanding experience which help us to be very efficient in the implementation phase.’ says the expert.
Softline’s team of experts has outstanding experience incorporating various solutions into a comprehensive and secure infrastructure. Combining it with the Cybersecurity Framework we can identify and deliver the most fitting solution to your company. We believe in long term partnerships, so we support our customers in every step of the journey.
Ask for a consultation and learn about the steps to take for a reliable and secure environment.
 Accenture, State of Cybersecurity Resiliance 2021
Effectively reducing your company’s cybersecurity risks can’t depend solely on strict policies. Taking proactive measures is just as important. Check out the three levels of actions you should take to protect your assets starting today.
As cyberattacks are becoming more frequent and sophisticated companies can’t afford to approach cybersecurity as an afterthought. Addressing the following three key areas could be a great starting point for any SME to include on their cybersec roadmap:
1. Face up to the technical debt
2. Factor cyber resilience into your security plans
3. Practice good digital hygiene
Learn more about the details and be prepared in the event of an attack.
Identitet, krajnje točke, aplikacije, mreža, infrastruktura i podaci važne su poveznice u
cjelokupnom lancu sigurnosnog modela nultog povjerenja (Zero Trust). Microsoft podržava sigurnost nultog povjerenja (Zero Trust) kroz višestruke slojeve obrane. Pogledajte šest sigurnosnih slojeva modela nultog povjerenja (Zero Trust) i kako ih obraniti.
Kod sigurnosnog modela nultog povjerenja (Zero Trust) radi se o provjerenom povjerenju, naime da biste vjerovali, najprije morate provjeriti. Sigurnosni model nultog povjerenja (Zero Trust) podrazumijeva visoku razinu provjere identiteta, potvrđuje usklađenost uređaja prije odobrenja pristupa te osigurava pristup isključivo ovlaštenim resursima u skladu s načelom najnižih povlastica. U ovom članku sažimamo temeljne elemente sigurnosnog modela nultog povjerenja (Zero Trust).