Last week we covered the first principle in the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF): Identify. “You can’t Protect what you can’t see” so cybersecurity teams must assess and understand what assets and resources are being used on their network.
This week, we are covering the second principle in the CSF: Protect. This principle aims to implement safeguards that ensure the integrity, confidentiality, and availability of critical infrastructure and sensitive data. Cybersecurity teams that are implementing the protect principle will use many methods and tools such as access control, awareness training, data security and encryption, maintenance, firewalls, and intrusion detection systems.
For example, cyber teams will do regular maintenance on their networks to make sure all machines are running smoothly and up to date. Outdated software is one of the easiest ways for a vulnerability to slip into a network so maintaining systems is a crucial task for any cybersecurity team.
Neglecting the protect principle has serious consequences. In 2018, Marriott International experienced a data breach stemming from outdated Windows Servers. The outdated software allowed bad actors to plant a remote access trojan (RAT) on the network. Using the RAT, bad actors gained access to and exposed nearly 500 million Marriott customers’ PAI. After the breach, Marriott was left with roughly $30 million in recovery, an extremely wounded reputation, and several lawsuits of up to $12.5 billion.
Do you know if your software is secure and up to date?
The "Protect" principle is not just about technology; it’s about creating a comprehensive security culture within the organization. By fostering an environment where cybersecurity is prioritized at all levels, organizations can build resilience against cyber threats. A strong protective posture can help ensure that organizations are not only compliant with regulations but are also capable of maintaining operational continuity in the face of cyber incidents.
On the agenda for next week is the third principle in the NIST CSF: Detect. Until then, head over to our solutions page to see how CyberZek’s can help your team protect your network.